Remove/rename some old files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz 2016-05-20 16:16:07 -04:00
parent 44c8a5e2b9
commit b8a9af6881
36 changed files with 1 additions and 1693 deletions

View file

@ -93,9 +93,7 @@ GENERATED={- join(" ",
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
MISC_SCRIPTS=$(SRCDIR)/tools/c_hash $(SRCDIR)/tools/c_info \
$(SRCDIR)/tools/c_issuer $(SRCDIR)/tools/c_name \
$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
{- output_on() if $disabled{apps}; "" -}
SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}

View file

@ -1,46 +0,0 @@
Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an Blowfish implementation written
by Eric Young (eay@cryptsoft.com).
This library is free for commercial and non-commercial use as long as
the following conditions are aheared to. The following conditions
apply to all code found in this distribution.
Copyright remains Eric Young's, and as such any Copyright notices in
the code are not to be removed.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Eric Young (eay@cryptsoft.com)
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
The license and distribution terms for any publically available version or
derivative of this code cannot be changed. i.e. this code cannot simply be
copied and put under another distrubution license
[including the GNU Public License.]
The reason behind this being stated in this direct manner is past
experience in code simply being copied and the attribution removed
from it and then being distributed as part of other packages. This
implementation was a non-trivial and unpaid effort.

View file

@ -1,14 +0,0 @@
This Eric Young's blowfish implementation, taken from his SSLeay library
and made available as a separate library.
The version number (0.7.2m) is the SSLeay version that this library was
taken from.
To build, just unpack and type make.
If you are not using gcc, edit the Makefile.
If you are compiling for an x86 box, try the assembler (it needs improving).
There are also some compile time options that can improve performance,
these are documented in the Makefile.
eric 15-Apr-1997

View file

@ -1,6 +0,0 @@
The version numbers will follow my SSL implementation
0.7.2r - Some reasonable default compiler options from
Peter Gutman <pgut001@cs.auckland.ac.nz>
0.7.2m - the first release

View file

@ -1,67 +0,0 @@
//
// gettsc.inl
//
// gives access to the Pentium's (secret) cycle counter
//
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
// in 1996-7 and is entered, by him, into the public domain.
#if defined(__WATCOMC__)
void GetTSC(unsigned long&);
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
#elif defined(__GNUC__)
inline
void GetTSC(unsigned long& tsc)
{
asm volatile(".byte 15, 49\n\t"
: "=eax" (tsc)
:
: "%edx", "%eax");
}
#elif defined(_MSC_VER)
inline
void GetTSC(unsigned long& tsc)
{
unsigned long a;
__asm _emit 0fh
__asm _emit 31h
__asm mov a, eax;
tsc=a;
}
#endif
#include <stdio.h>
#include <stdlib.h>
#include <openssl/blowfish.h>
void main(int argc,char *argv[])
{
BF_KEY key;
unsigned long s1,s2,e1,e2;
unsigned long data[2];
int i,j;
for (j=0; j<6; j++)
{
for (i=0; i<1000; i++) /**/
{
BF_encrypt(&data[0],&key);
GetTSC(s1);
BF_encrypt(&data[0],&key);
BF_encrypt(&data[0],&key);
BF_encrypt(&data[0],&key);
GetTSC(e1);
GetTSC(s2);
BF_encrypt(&data[0],&key);
BF_encrypt(&data[0],&key);
BF_encrypt(&data[0],&key);
BF_encrypt(&data[0],&key);
GetTSC(e2);
BF_encrypt(&data[0],&key);
}
printf("blowfish %d %d (%d)\n",
e1-s1,e2-s2,((e2-s2)-(e1-s1)));
}
}

View file

@ -1,70 +0,0 @@
//
// gettsc.inl
//
// gives access to the Pentium's (secret) cycle counter
//
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
// in 1996-7 and is entered, by him, into the public domain.
#if defined(__WATCOMC__)
void GetTSC(unsigned long&);
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
#elif defined(__GNUC__)
inline
void GetTSC(unsigned long& tsc)
{
asm volatile(".byte 15, 49\n\t"
: "=eax" (tsc)
:
: "%edx", "%eax");
}
#elif defined(_MSC_VER)
inline
void GetTSC(unsigned long& tsc)
{
unsigned long a;
__asm _emit 0fh
__asm _emit 31h
__asm mov a, eax;
tsc=a;
}
#endif
#include <stdio.h>
#include <stdlib.h>
#include <openssl/cast.h>
void main(int argc,char *argv[])
{
CAST_KEY key;
unsigned long s1,s2,e1,e2;
unsigned long data[2];
int i,j;
static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
CAST_set_key(&key, 16,d);
for (j=0; j<6; j++)
{
for (i=0; i<1000; i++) /**/
{
CAST_encrypt(&data[0],&key);
GetTSC(s1);
CAST_encrypt(&data[0],&key);
CAST_encrypt(&data[0],&key);
CAST_encrypt(&data[0],&key);
GetTSC(e1);
GetTSC(s2);
CAST_encrypt(&data[0],&key);
CAST_encrypt(&data[0],&key);
CAST_encrypt(&data[0],&key);
CAST_encrypt(&data[0],&key);
GetTSC(e2);
CAST_encrypt(&data[0],&key);
}
printf("cast %d %d (%d)\n",
e1-s1,e2-s2,((e2-s2)-(e1-s1)));
}
}

View file

@ -1,50 +0,0 @@
Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with MIT's libdes.
This library is free for commercial and non-commercial use as long as
the following conditions are aheared to. The following conditions
apply to all code found in this distribution.
Copyright remains Eric Young's, and as such any Copyright notices in
the code are not to be removed.
If this package is used in a product, Eric Young should be given attribution
as the author of that the SSL library. This can be in the form of a textual
message at program startup or in documentation (online or textual) provided
with the package.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Eric Young (eay@cryptsoft.com)
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
The license and distribution terms for any publically available version or
derivative of this code cannot be changed. i.e. this code cannot simply be
copied and put under another distrubution license
[including the GNU Public License.]
The reason behind this being stated in this direct manner is past
experience in code simply being copied and the attribution removed
from it and then being distributed as part of other packages. This
implementation was a non-trivial and unpaid effort.

View file

@ -1,131 +0,0 @@
First up, let me say I don't like writing in assembler. It is not portable,
dependant on the particular CPU architecture release and is generally a pig
to debug and get right. Having said that, the x86 architecture is probably
the most important for speed due to number of boxes and since
it appears to be the worst architecture to to get
good C compilers for. So due to this, I have lowered myself to do
assembler for the inner DES routines in libdes :-).
The file to implement in assembler is des_enc.c. Replace the following
4 functions
des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
They encrypt/decrypt the 64 bits held in 'data' using
the 'ks' key schedules. The only difference between the 4 functions is that
des_encrypt2() does not perform IP() or FP() on the data (this is an
optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
perform triple des. The triple DES routines are in here because it does
make a big difference to have them located near the des_encrypt2 function
at link time..
Now as we all know, there are lots of different operating systems running on
x86 boxes, and unfortunately they normally try to make sure their assembler
formating is not the same as the other peoples.
The 4 main formats I know of are
Microsoft Windows 95/Windows NT
Elf Includes Linux and FreeBSD(?).
a.out The older Linux.
Solaris Same as Elf but different comments :-(.
Now I was not overly keen to write 4 different copies of the same code,
so I wrote a few perl routines to output the correct assembler, given
a target assembler type. This code is ugly and is just a hack.
The libraries are x86unix.pl and x86ms.pl.
des586.pl, des686.pl and des-som[23].pl are the programs to actually
generate the assembler.
So to generate elf assembler
perl des-som3.pl elf >dx86-elf.s
For Windows 95/NT
perl des-som2.pl win32 >win32.asm
[ update 4 Jan 1996 ]
I have added another way to do things.
perl des-som3.pl cpp >dx86-cpp.s
generates a file that will be included by dx86unix.cpp when it is compiled.
To build for elf, a.out, solaris, bsdi etc,
cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
This was done to cut down the number of files in the distribution.
Now the ugly part. I acquired my copy of Intels
"Optimization's For Intel's 32-Bit Processors" and found a few interesting
things. First, the aim of the exersize is to 'extract' one byte at a time
from a word and do an array lookup. This involves getting the byte from
the 4 locations in the word and moving it to a new word and doing the lookup.
The most obvious way to do this is
xor eax, eax # clear word
movb al, cl # get low byte
xor edi DWORD PTR 0x100+des_SP[eax] # xor in word
movb al, ch # get next byte
xor edi DWORD PTR 0x300+des_SP[eax] # xor in word
shr ecx 16
which seems ok. For the pentium, this system appears to be the best.
One has to do instruction interleaving to keep both functional units
operating, but it is basically very efficient.
Now the crunch. When a full register is used after a partial write, eg.
mov al, cl
xor edi, DWORD PTR 0x100+des_SP[eax]
386 - 1 cycle stall
486 - 1 cycle stall
586 - 0 cycle stall
686 - at least 7 cycle stall (page 22 of the above mentioned document).
So the technique that produces the best results on a pentium, according to
the documentation, will produce hideous results on a pentium pro.
To get around this, des686.pl will generate code that is not as fast on
a pentium, should be very good on a pentium pro.
mov eax, ecx # copy word
shr ecx, 8 # line up next byte
and eax, 0fch # mask byte
xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup
mov eax, ecx # get word
shr ecx 8 # line up next byte
and eax, 0fch # mask byte
xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup
Due to the execution units in the pentium, this actually works quite well.
For a pentium pro it should be very good. This is the type of output
Visual C++ generates.
There is a third option. instead of using
mov al, ch
which is bad on the pentium pro, one may be able to use
movzx eax, ch
which may not incur the partial write penalty. On the pentium,
this instruction takes 4 cycles so is not worth using but on the
pentium pro it appears it may be worth while. I need access to one to
experiment :-).
eric (20 Oct 1996)
22 Nov 1996 - I have asked people to run the 2 different version on pentium
pros and it appears that the intel documentation is wrong. The
mov al,bh is still faster on a pentium pro, so just use the des586.pl
install des686.pl
3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
functions into des_enc.c because it does make a massive performance
difference on some boxes to have the functions code located close to
the des_encrypt2() function.
9 Jan 1997 - des-som2.pl is now the correct perl script to use for
pentiums. It contains an inner loop from
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
273,000 per second. He had a previous version at 250,000 and the best
I was able to get was 203,000. The content has not changed, this is all
due to instruction sequencing (and actual instructions choice) which is able
to keep both functional units of the pentium going.
We may have lost the ugly register usage restrictions when x86 went 32 bit
but for the pentium it has been replaced by evil instruction ordering tricks.
13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
raw DES at 281,000 per second on a pentium 100.

View file

@ -1,50 +0,0 @@
From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995
Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
(5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
Received: by minbne.mincom.oz.au id AA19958
(5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
Wed, 27 Sep 1995 19:13:05 +1000
Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
Wed, 27 Sep 1995 04:48:46 -0400
Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14])
by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442
for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1)
id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
Date: Mon, 25 Sep 1995 17:50:51 -0700
From: Phil Karn <karn@qualcomm.com>
Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
To: cypherpunks@toad.com, ipsec-dev@eit.com
Subject: Primality verification needed
Sender: owner-cypherpunks@toad.com
Precedence: bulk
Status: RO
X-Status:
Hi. I've generated a 2047-bit "strong" prime number that I would like to
use with Diffie-Hellman key exchange. I assert that not only is this number
'p' prime, but so is (p-1)/2.
I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
1.3.2 to test this number. This function uses the Miller-Rabin primality test.
However, to increase my confidence that this number really is a strong prime,
I'd like to ask others to confirm it with other tests. Here's the number in hex:
72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
56a05180c3bec7ddd5ef6fe76b1f717b
The generator, g, for this prime is 2.
Thanks!
Phil Karn

View file

@ -1,65 +0,0 @@
From: stewarts@ix.netcom.com (Bill Stewart)
Newsgroups: sci.crypt
Subject: Re: Diffie-Hellman key exchange
Date: Wed, 11 Oct 1995 23:08:28 GMT
Organization: Freelance Information Architect
Lines: 32
Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
References: <458rhn$76m$1@mhadf.production.compuserve.com>
NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
X-NETCOM-Date: Wed Oct 11 4:09:22 PM PDT 1995
X-Newsreader: Forte Free Agent 1.0.82
Kent Briggs <72124.3234@CompuServe.COM> wrote:
>I have a copy of the 1976 IEEE article describing the
>Diffie-Hellman public key exchange algorithm: y=a^x mod q. I'm
>looking for sources that give examples of secure a,q pairs and
>possible some source code that I could examine.
q should be prime, and ideally should be a "strong prime",
which means it's of the form 2n+1 where n is also prime.
q also needs to be long enough to prevent the attacks LaMacchia and
Odlyzko described (some variant on a factoring attack which generates
a large pile of simultaneous equations and then solves them);
long enough is about the same size as factoring, so 512 bits may not
be secure enough for most applications. (The 192 bits used by
"secure NFS" was certainly not long enough.)
a should be a generator for q, which means it needs to be
relatively prime to q-1. Usually a small prime like 2, 3 or 5 will
work.
....
Date: Tue, 26 Sep 1995 13:52:36 MST
From: "Richard Schroeppel" <rcs@cs.arizona.edu>
To: karn
Cc: ho@cs.arizona.edu
Subject: random large primes
Since your prime is really random, proving it is hard.
My personal limit on rigorously proved primes is ~350 digits.
If you really want a proof, we should talk to Francois Morain,
or the Australian group.
If you want 2 to be a generator (mod P), then you need it
to be a non-square. If (P-1)/2 is also prime, then
non-square == primitive-root for bases << P.
In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
If you want this, you should restrict your sieve accordingly.
3 is a generator iff P = 5 (mod 12).
5 is a generator iff P = 3 or 7 (mod 10).
2 is perfectly usable as a base even if it's a non-generator, since
it still covers half the space of possible residues. And an
eavesdropper can always determine the low-bit of your exponent for
a generator anyway.
Rich rcs@cs.arizona.edu

View file

@ -1,122 +0,0 @@
The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
examples. This is an updated version that uses SHA-1 (FIPS 180-1)
supplied to me by Wei Dai
--
APPENDIX 5. EXAMPLE OF THE DSA
This appendix is for informational purposes only and is not required to meet
the standard.
Let L = 512 (size of p). The values in this example are expressed in
hexadecimal notation. The p and q given here were generated by the prime
generation standard described in appendix 2 using the 160-bit SEED:
d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
With this SEED, the algorithm found p and q when the counter was at 105.
x was generated by the algorithm described in appendix 3, section 3.1, using
the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
XSEED =
bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
t =
67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
x = G(t,XSEED) mod q
k was generated by the algorithm described in appendix 3, section 3.2, using
the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
KSEED =
687a66d9 0648f993 867e121f 4ddf9ddb 01205584
t =
EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
k = G(t,KSEED) mod q
Finally:
h = 2
p =
8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
49693dfb f83724c2 ec0736ee 31c80291
q =
c773218c 737ec8ee 993b4f2d ed30f48e dace915f
g =
626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
c42e9f6f 464b088c c572af53 e6d78802
x =
2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
k =
358dad57 1462710f 50e254cf 1a376b2b deaadfbf
kinv =
0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
SHA(M) =
a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
y =
19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85
9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
858fba33 f44c0669 9630a76b 030ee333
r =
8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
s =
41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
w =
9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
u1 =
bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
u2 =
821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
gu1 mod p =
51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
6f96662a 1987a21b e4ec1071 010b6069
yu2 mod p =
8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67
c19441f4 22bf3c34 08aeba1f 0a4dbec7
v =
8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0

View file

@ -1,22 +0,0 @@
NOTES
-----
I've checked out HPUX (well, version 11 at least) and shl_t is
a pointer type so it's safe to use in the way it has been in
dso_dl.c. On the other hand, HPUX11 support dlfcn too and
according to their man page, prefer developers to move to that.
I'll leave Richard's changes there as I guess dso_dl is needed
for HPUX10.20.
There is now a callback scheme in place where filename conversion can
(a) be turned off altogether through the use of the
DSO_FLAG_NO_NAME_TRANSLATION flag,
(b) be handled by default using the default DSO_METHOD's converter
(c) overriden per-DSO by setting the override callback
(d) a mix of (b) and (c) - eg. implement an override callback that;
(i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
and if so, convert "blah" into "blah32.dll" (the default is
otherwise to make it "blah.dll").
(ii) default to the normal behaviour - we're not on win32, eg.
finish with (return dso->meth->dso_name_converter(dso,NULL)).

View file

@ -1,12 +0,0 @@
1.1 07/12/95 - eay
Many thanks to Rhys Weatherley <rweather@us.oracle.com>
for pointing out that I was assuming little endian byte
order for all quantities what idea actually used
bigendian. No where in the spec does it mention
this, it is all in terms of 16 bit numbers and even the example
does not use byte streams for the input example :-(.
If you byte swap each pair of input, keys and iv, the functions
would produce the output as the old version :-(.
1.0 ??/??/95 - eay
First version.

View file

@ -1,78 +0,0 @@
//
// gettsc.inl
//
// gives access to the Pentium's (secret) cycle counter
//
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
// in 1996-7 and is entered, by him, into the public domain.
#if defined(__WATCOMC__)
void GetTSC(unsigned long&);
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
#elif defined(__GNUC__)
inline
void GetTSC(unsigned long& tsc)
{
asm volatile(".byte 15, 49\n\t"
: "=eax" (tsc)
:
: "%edx", "%eax");
}
#elif defined(_MSC_VER)
inline
void GetTSC(unsigned long& tsc)
{
unsigned long a;
__asm _emit 0fh
__asm _emit 31h
__asm mov a, eax;
tsc=a;
}
#endif
#include <stdio.h>
#include <stdlib.h>
#include <openssl/md4.h>
extern "C" {
void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
}
void main(int argc,char *argv[])
{
unsigned char buffer[64*256];
MD4_CTX ctx;
unsigned long s1,s2,e1,e2;
unsigned char k[16];
unsigned long data[2];
unsigned char iv[8];
int i,num=0,numm;
int j=0;
if (argc >= 2)
num=atoi(argv[1]);
if (num == 0) num=16;
if (num > 250) num=16;
numm=num+2;
num*=64;
numm*=64;
for (j=0; j<6; j++)
{
for (i=0; i<10; i++) /**/
{
md4_block_x86(&ctx,buffer,numm);
GetTSC(s1);
md4_block_x86(&ctx,buffer,numm);
GetTSC(e1);
GetTSC(s2);
md4_block_x86(&ctx,buffer,num);
GetTSC(e2);
md4_block_x86(&ctx,buffer,num);
}
printf("md4 (%d bytes) %d %d (%.2f)\n",num,
e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
}
}

View file

@ -1,78 +0,0 @@
//
// gettsc.inl
//
// gives access to the Pentium's (secret) cycle counter
//
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
// in 1996-7 and is entered, by him, into the public domain.
#if defined(__WATCOMC__)
void GetTSC(unsigned long&);
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
#elif defined(__GNUC__)
inline
void GetTSC(unsigned long& tsc)
{
asm volatile(".byte 15, 49\n\t"
: "=eax" (tsc)
:
: "%edx", "%eax");
}
#elif defined(_MSC_VER)
inline
void GetTSC(unsigned long& tsc)
{
unsigned long a;
__asm _emit 0fh
__asm _emit 31h
__asm mov a, eax;
tsc=a;
}
#endif
#include <stdio.h>
#include <stdlib.h>
#include <openssl/md5.h>
extern "C" {
void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
}
void main(int argc,char *argv[])
{
unsigned char buffer[64*256];
MD5_CTX ctx;
unsigned long s1,s2,e1,e2;
unsigned char k[16];
unsigned long data[2];
unsigned char iv[8];
int i,num=0,numm;
int j=0;
if (argc >= 2)
num=atoi(argv[1]);
if (num == 0) num=16;
if (num > 250) num=16;
numm=num+2;
num*=64;
numm*=64;
for (j=0; j<6; j++)
{
for (i=0; i<10; i++) /**/
{
md5_block_x86(&ctx,buffer,numm);
GetTSC(s1);
md5_block_x86(&ctx,buffer,numm);
GetTSC(e1);
GetTSC(s2);
md5_block_x86(&ctx,buffer,num);
GetTSC(e2);
md5_block_x86(&ctx,buffer,num);
}
printf("md5 (%d bytes) %d %d (%.2f)\n",num,
e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
}
}

View file

@ -1,16 +0,0 @@
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,ENCRYPTED
Proc-Type: 4,MIC-ONLY
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
DEK-Info: DES-CBC,0123456789abcdef
Originator-Certificate
xxxx
Issuer-Certificate
xxxx
MIC-Info: RSA-MD5,RSA,
xxxx
-----END PRIVACY-ENHANCED MESSAGE-----

View file

@ -1,22 +0,0 @@
21 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE
00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag
21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE
00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version
20 20:d=0 hl=2 l= 0 cons: univ: SET
21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE
00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
00 35:d=0 hl=2 l= 0 prim: univ: EOC
21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag
20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE
20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE
00 1116:d=0 hl=2 l= 0 prim: univ: EOC
21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag
20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE
20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE
00 2066:d=0 hl=2 l= 0 prim: univ: EOC
21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers
00 2070:d=0 hl=2 l= 0 prim: univ: EOC
00 2072:d=0 hl=2 l= 0 prim: univ: EOC
00 2074:d=0 hl=2 l= 0 prim: univ: EOC
00 2076:d=0 hl=2 l= 0 prim: univ: EOC

View file

@ -1,219 +0,0 @@
>From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
Article 23601 of sci.crypt:
Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
>From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
Newsgroups: sci.crypt
Subject: Specification for Ron Rivests Cipher No.2
Date: 11 Feb 1996 06:45:03 GMT
Organization: University of Auckland
Lines: 203
Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
Message-ID: <4fk39f$f70@net.auckland.ac.nz>
NNTP-Posting-Host: cs26.cs.auckland.ac.nz
X-Newsreader: NN version 6.5.0 #3 (NOV)
Ron Rivest's Cipher No.2
------------------------
Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
refer to it by other names) is word oriented, operating on a block of 64 bits
divided into four 16-bit words, with a key table of 64 words. All data units
are little-endian. This functional description of the algorithm is based in
the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
the same general layout, terminology, and pseudocode style.
Notation and RRC.2 Primitive Operations
RRC.2 uses the following primitive operations:
1. Two's-complement addition of words, denoted by "+". The inverse operation,
subtraction, is denoted by "-".
2. Bitwise exclusive OR, denoted by "^".
3. Bitwise AND, denoted by "&".
4. Bitwise NOT, denoted by "~".
5. A left-rotation of words; the rotation of word x left by y is denoted
x <<< y. The inverse operation, right-rotation, is denoted x >>> y.
These operations are directly and efficiently supported by most processors.
The RRC.2 Algorithm
RRC.2 consists of three components, a *key expansion* algorithm, an
*encryption* algorithm, and a *decryption* algorithm.
Key Expansion
The purpose of the key-expansion routine is to expand the user's key K to fill
the expanded key array S, so S resembles an array of random binary words
determined by the user's secret key K.
Initialising the S-box
RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern
cryptography by enough time that there should be no concerns about trapdoors
hidden in the data. They have been published widely, and the S-box can be
easily recreated from the one-time pad values and the Beale Cipher data taken
from a standard source. To initialise the S-box:
for i = 0 to 255 do
sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
The contents of Beale Cipher No.1 and the necessary one-time pad are given as
an appendix at the end of this document. For efficiency, implementors may wish
to skip the Beale Cipher expansion and store the sBox table directly.
Expanding the Secret Key to 128 Bytes
The secret key is first expanded to fill 128 bytes (64 words). The expansion
consists of taking the sum of the first and last bytes in the user key, looking
up the sum (modulo 256) in the S-box, and appending the result to the key. The
operation is repeated with the second byte and new last byte of the key until
all 128 bytes have been generated. Note that the following pseudocode treats
the S array as an array of 128 bytes rather than 64 words.
for j = 0 to length-1 do
S[ j ] = K[ j ]
for j = length to 127 do
s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
At this point it is possible to perform a truncation of the effective key
length to ease the creation of espionage-enabled software products. However
since the author cannot conceive why anyone would want to do this, it will not
be considered further.
The final phase of the key expansion involves replacing the first byte of S
with the entry selected from the S-box:
S[ 0 ] = sBox[ S[ 0 ] ]
Encryption
The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full
rounds perform an additional transformation on the data. Note that the
following pseudocode treats the S array as an array of 64 words rather than 128
bytes.
for i = 0 to 15 do
j = i * 4;
word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
In addition the fifth and eleventh rounds add the contents of the S-box indexed
by one of the data words to another of the data words following the four
subrounds as follows:
word0 = word0 + S[ word3 & 63 ];
word1 = word1 + S[ word0 & 63 ];
word2 = word2 + S[ word1 & 63 ];
word3 = word3 + S[ word2 & 63 ];
Decryption
The decryption operation is simply the inverse of the encryption operation.
Note that the following pseudocode treats the S array as an array of 64 words
rather than 128 bytes.
for i = 15 downto 0 do
j = i * 4;
word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
In addition the fifth and eleventh rounds subtract the contents of the S-box
indexed by one of the data words from another one of the data words following
the four subrounds as follows:
word3 = word3 - S[ word2 & 63 ]
word2 = word2 - S[ word1 & 63 ]
word1 = word1 - S[ word0 & 63 ]
word0 = word0 - S[ word3 & 63 ]
Test Vectors
The following test vectors may be used to test the correctness of an RRC.2
implementation:
Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
Creating the S-Box
Beale Cipher No.1.
71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95,
84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3,
126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193,
145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176,
130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416,
280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283,
134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131,
160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12,
103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346,
36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21,
136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37,
122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680,
93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818,
2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81,
623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206
One-time Pad.
158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194,
146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161,
105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213,
193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67,
197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108,
144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134,
119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24,
126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84,
168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38,
241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182,
230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44,
17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20,
87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97,
142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155,
15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127,
170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99
Implementation
A non-US based programmer who has never seen any encryption code before will
shortly be implementing RRC.2 based solely on this specification and not on
knowledge of any other encryption algorithms. Stand by.

View file

@ -1,22 +0,0 @@
1.1 23/08/96 - eay
Changed RC2_set_key() so it now takes another argument. Many
thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
clarification and original specification of RC2. BSAFE uses
this last parameter, 'bits'. It the key is 128 bits, BSAFE
also sets this parameter to 128. The old behaviour can be
duplicated by setting this parameter to 1024.
1.0 08/04/96 - eay
First version of SSLeay with rc2. This has been written from the spec
posted sci.crypt. It is in this directory under rrc2.doc
I have no test values for any mode other than ecb, my wrappers for the
other modes should be ok since they are basically the same as
the ones taken from idea and des :-). I have implemented them as
little-endian operators.
While rc2 is included because it is used with SSL, I don't know how
far I trust it. It is about the same speed as IDEA and DES.
So if you are paranoid, used Tripple DES, else IDEA. If RC2
does get used more, perhaps more people will look for weaknesses in
it.

View file

@ -1,70 +0,0 @@
//
// gettsc.inl
//
// gives access to the Pentium's (secret) cycle counter
//
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
// in 1996-7 and is entered, by him, into the public domain.
#if defined(__WATCOMC__)
void GetTSC(unsigned long&);
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
#elif defined(__GNUC__)
inline
void GetTSC(unsigned long& tsc)
{
asm volatile(".byte 15, 49\n\t"
: "=eax" (tsc)
:
: "%edx", "%eax");
}
#elif defined(_MSC_VER)
inline
void GetTSC(unsigned long& tsc)
{
unsigned long a;
__asm _emit 0fh
__asm _emit 31h
__asm mov a, eax;
tsc=a;
}
#endif
#include <stdio.h>
#include <stdlib.h>
#include <openssl/rc5.h>
void main(int argc,char *argv[])
{
RC5_32_KEY key;
unsigned long s1,s2,e1,e2;
unsigned long data[2];
int i,j;
static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
RC5_32_set_key(&key, 16,d,12);
for (j=0; j<6; j++)
{
for (i=0; i<1000; i++) /**/
{
RC5_32_encrypt(&data[0],&key);
GetTSC(s1);
RC5_32_encrypt(&data[0],&key);
RC5_32_encrypt(&data[0],&key);
RC5_32_encrypt(&data[0],&key);
GetTSC(e1);
GetTSC(s2);
RC5_32_encrypt(&data[0],&key);
RC5_32_encrypt(&data[0],&key);
RC5_32_encrypt(&data[0],&key);
RC5_32_encrypt(&data[0],&key);
GetTSC(e2);
RC5_32_encrypt(&data[0],&key);
}
printf("cast %d %d (%d)\n",
e1-s1,e2-s2,((e2-s2)-(e1-s1)));
}
}

View file

@ -1 +0,0 @@
C2.pl works

View file

@ -1 +0,0 @@
perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c

View file

@ -1,68 +0,0 @@
#!/bin/sh
PROG=$1
if [ -x $PROG ]; then
if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
:
else
echo "$PROG is not OpenSSL executable"
exit 1
fi
else
echo "$PROG is not executable"
exit 1;
fi
if [ 1 ]; then
HASH=`cat $PROG | $PROG dgst -hex`
AES_ALGS=" aes-128-ctr aes-128-ecb aes-128-cbc aes-128-cfb aes-128-ofb \
aes-192-ctr aes-192-ecb aes-192-cbc aes-192-cfb aes-192-ofb \
aes-256-ctr aes-256-ecb aes-256-cbc aes-256-cfb aes-256-ofb"
BUFSIZE="16 32 48 64 80 96 128 144 999"
nerr=0
for alg in $AES_ALGS; do
echo $alg
for bufsize in $BUFSIZE; do
TEST=`( cat $PROG | \
$PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -d -k "$HASH" -$alg | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg/$bufsize encrypt test failed"
nerr=`expr $nerr + 1`
fi
done
for bufsize in $BUFSIZE; do
TEST=`( cat $PROG | \
env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -e -k "$HASH" -$alg | \
$PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg/$bufsize decrypt test failed"
nerr=`expr $nerr + 1`
fi
done
TEST=`( cat $PROG | \
$PROG enc -e -k "$HASH" -$alg | \
$PROG enc -d -k "$HASH" -$alg | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg en/decrypt test failed"
nerr=`expr $nerr + 1`
fi
done
if [ $nerr -gt 0 ]; then
echo "AESNI engine test failed."
exit 1;
fi
else
echo "AESNI engine is not available"
fi
exit 0

View file

@ -1,64 +0,0 @@
#!/bin/sh
PROG=$1
if [ -x $PROG ]; then
if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
:
else
echo "$PROG is not OpenSSL executable"
exit 1
fi
else
echo "$PROG is not executable"
exit 1;
fi
if $PROG engine padlock | grep -v no-ACE; then
HASH=`cat $PROG | $PROG dgst -hex`
ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
aes-128-cbc aes-192-cbc aes-256-cbc \
aes-128-cfb aes-192-cfb aes-256-cfb \
aes-128-ofb aes-192-ofb aes-256-ofb"
nerr=0
for alg in $ACE_ALGS; do
echo $alg
TEST=`( cat $PROG | \
$PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
$PROG enc -d -k "$HASH" -$alg | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg encrypt test failed"
nerr=`expr $nerr + 1`
fi
TEST=`( cat $PROG | \
$PROG enc -e -k "$HASH" -$alg | \
$PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg decrypt test failed"
nerr=`expr $nerr + 1`
fi
TEST=`( cat $PROG | \
$PROG enc -e -k "$HASH" -$alg -engine padlock | \
$PROG enc -d -k "$HASH" -$alg -engine padlock | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg en/decrypt test failed"
nerr=`expr $nerr + 1`
fi
done
if [ $nerr -gt 0 ]; then
echo "PadLock ACE test failed."
exit 1;
fi
else
echo "PadLock ACE is not available"
fi
exit 0

View file

@ -1,70 +0,0 @@
#!/bin/sh
PROG=$1
if [ -x $PROG ]; then
if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
:
else
echo "$PROG is not OpenSSL executable"
exit 1
fi
else
echo "$PROG is not executable"
exit 1;
fi
if [ 1 ]; then
HASH=`cat $PROG | $PROG dgst -hex`
AES_ALGS=" des-cbc des-ede-cbc des-ede3-cbc \
camellia-128-cbc camellia-128-cfb \
camellia-192-cbc camellia-192-cfb \
camellia-256-cbc camellia-256-cfb \
aes-128-ctr aes-128-cbc aes-128-cfb aes-128-ofb \
aes-192-ctr aes-192-cbc aes-192-cfb aes-192-ofb \
aes-256-ctr aes-256-cbc aes-256-cfb aes-256-ofb"
BUFSIZE="16 32 48 999"
nerr=0
for alg in $AES_ALGS; do
echo $alg
for bufsize in $BUFSIZE; do
TEST=`( cat $PROG | \
$PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
env OPENSSL_sparcv9cap=0 $PROG enc -d -k "$HASH" -$alg | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg/$bufsize encrypt test failed"
nerr=`expr $nerr + 1`
fi
done
for bufsize in $BUFSIZE; do
TEST=`( cat $PROG | \
env OPENSSL_sparcv9cap=0 $PROG enc -e -k "$HASH" -$alg | \
$PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg/$bufsize decrypt test failed"
nerr=`expr $nerr + 1`
fi
done
TEST=`( cat $PROG | \
$PROG enc -e -k "$HASH" -$alg | \
$PROG enc -d -k "$HASH" -$alg | \
$PROG dgst -hex ) 2>/dev/null`
if [ "$TEST" != "$HASH" ]; then
echo "-$alg en/decrypt test failed"
nerr=`expr $nerr + 1`
fi
done
if [ $nerr -gt 0 ]; then
echo "SPARC T4 test failed."
exit 1
fi
fi
exit 0

View file

@ -1,113 +0,0 @@
More number for the questions about SSL overheads....
The following numbers were generated on a Pentium pro 200, running Linux.
They give an indication of the SSL protocol and encryption overheads.
The program that generated them is an unreleased version of ssl/ssltest.c
which is the SSLeay ssl protocol testing program. It is a single process that
talks both sides of the SSL protocol via a non-blocking memory buffer
interface.
How do I read this? The protocol and cipher are reasonable obvious.
The next number is the number of connections being made. The next is the
number of bytes exchanged between the client and server side of the protocol.
This is the number of bytes that the client sends to the server, and then
the server sends back. Because this is all happening in one process,
the data is being encrypted, decrypted, encrypted and then decrypted again.
It is a round trip of that many bytes. Because the one process performs
both the client and server sides of the protocol and it sends this many bytes
each direction, multiply this number by 4 to generate the number
of bytes encrypted/decrypted/MACed. The first time value is how many seconds
elapsed doing a full SSL handshake, the second is the cost of one
full handshake and the rest being session-id reuse.
SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
What does this all mean? Well for a server, with no session-id reuse, with
a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
about 49 connections a second. Reality will be quite different :-).
Remember the first number is 1000 full ssl handshakes, the second is
1 full and 999 with session-id reuse. The RSA overheads for each exchange
would be one public and one private operation, but the protocol/MAC/cipher
cost would be quite similar in both the client and server.
eric (adding numbers to speculation)
--- Appendix ---
- The time measured is user time but these number a very rough.
- Remember this is the cost of both client and server sides of the protocol.
- The TCP/kernel overhead of connection establishment is normally the
killer in SSL. Often delays in the TCP protocol will make session-id
reuse look slower that new sessions, but this would not be the case on
a loaded server.
- The TCP round trip latencies, while slowing individual connections,
would have minimal impact on throughput.
- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
- the required number of bytes are processed.
- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
- A 512bit server key was being used except where noted.
- No server key verification was being performed on the client side of the
protocol. This would slow things down very little.
- The library being used is SSLeay 0.8.x.
- The normal measuring system was commands of the form
time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
This modified version of ssltest should be in the next public release of
SSLeay.
The general cipher performance number for this platform are
SSLeay 0.8.2a 04-Sep-1997
built on Fri Sep 5 17:37:05 EST 1997
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
The 'numbers' are in 1000s of bytes per second processed.
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 131.02k 368.41k 500.57k 549.21k 566.09k
mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
sign verify
rsa 512 bits 0.0100s 0.0011s
rsa 1024 bits 0.0451s 0.0012s
rsa 2048 bits 0.2605s 0.0086s
rsa 4096 bits 1.6883s 0.0302s

View file

@ -1,9 +0,0 @@
#!/bin/sh
# print out the hash values
#
for i in $*
do
h=`openssl x509 -hash -noout -in $i`
echo "$h.0 => $i"
done

View file

@ -1,12 +0,0 @@
#!/bin/sh
#
# print the subject
#
for i in $*
do
n=`openssl x509 -subject -issuer -enddate -noout -in $i`
echo "$i"
echo "$n"
echo "--------"
done

View file

@ -1,10 +0,0 @@
#!/bin/sh
#
# print out the issuer
#
for i in $*
do
n=`openssl x509 -issuer -noout -in $i`
echo "$i $n"
done

View file

@ -1,10 +0,0 @@
#!/bin/sh
#
# print the subject
#
for i in $*
do
n=`openssl x509 -subject -noout -in $i`
echo "$i $n"
done

View file

@ -1,21 +0,0 @@
primes = [2, 3, 5, 7, 11]
safe = False # Not sure if the period's right on safe primes.
muliplier = 1 if not safe else 2
for p in primes:
muliplier *= p
offsets = []
for x in range(3, muliplier + 3, 2):
prime = True
for p in primes:
if not x % p or (safe and not ((x - 1) / 2) % p):
prime = False
break
if prime:
offsets.append(x)
print(offsets)
print(len(offsets))
print(muliplier)

View file

@ -1,26 +0,0 @@
#!/bin/sh
## Wrapper to portably run makedepend or equivalent compiler built-in.
## Runs on Makefile.in, generates Makefile
## {- join("\n## ", @autowarntext) -}
{- "MAKEDEPEND=" . quotify1($config{makedepprog}) -}
case "${MAKEDEPEND}" in
cat)
;;
makedepend)
${MAKEDEPEND} $@ || exit 1
;;
*)
args="-Werror -MM"
while [ $# -gt 0 ]; do
if [ "$1" != '--' ] ; then
args="$args $1"
fi
shift
done
sed -e '/DO NOT DELETE THIS LINE/q' Makefile >Makefile.tmp
${MAKEDEPEND} $args >>Makefile.tmp || exit 1
mv Makefile.tmp Makefile
;;
esac

View file

@ -1,108 +0,0 @@
#!/bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5; it is not part of GNU.
#
# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
#
# This script is compatible with the BSD install script, but was written
# from scratch.
#
# set DOITPROG to echo to test this script
doit="${DOITPROG:-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG:-mv}"
cpprog="${CPPROG:-cp}"
chmodprog="${CHMODPROG:-chmod}"
chownprog="${CHOWNPROG:-chown}"
chgrpprog="${CHGRPPROG:-chgrp}"
stripprog="${STRIPPROG:-strip}"
rmprog="${RMPROG:-rm}"
instcmd="$mvprog"
chmodcmd=""
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
src=""
dst=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
fi
# if destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
fi
# get rid of the old one and mode the new one in
$doit $rmcmd $dst
$doit $instcmd $src $dst
# and set any options; do chmod last to preserve setuid bits
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
exit 0

View file

@ -1,17 +0,0 @@
#! /bin/sh
#
# Very simple script to detect and convert files that we want to re-encode to UTF8
git ls-tree -r --name-only HEAD | \
while read F; do
charset=`file -bi "$F" | sed -e 's|.*charset=||'`
if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then
iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \
( cmp -s "$F" "$F.utf8" || \
( echo "$F"
mv "$F" "$F.iso-8859-1"
mv "$F.utf8" "$F"
)
)
fi
done