diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index e20b63210a..7cdad23370 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -93,9 +93,7 @@ GENERATED={- join(" ", {- output_off() if $disabled{apps}; "" -} BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash -MISC_SCRIPTS=$(SRCDIR)/tools/c_hash $(SRCDIR)/tools/c_info \ - $(SRCDIR)/tools/c_issuer $(SRCDIR)/tools/c_name \ - $(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget +MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget {- output_on() if $disabled{apps}; "" -} SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -} diff --git a/crypto/bf/COPYRIGHT b/crypto/bf/COPYRIGHT deleted file mode 100644 index 6857223506..0000000000 --- a/crypto/bf/COPYRIGHT +++ /dev/null @@ -1,46 +0,0 @@ -Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -All rights reserved. - -This package is an Blowfish implementation written -by Eric Young (eay@cryptsoft.com). - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution. - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Eric Young (eay@cryptsoft.com) - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The license and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distrubution license -[including the GNU Public License.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. diff --git a/crypto/bf/INSTALL b/crypto/bf/INSTALL deleted file mode 100644 index 3b25923532..0000000000 --- a/crypto/bf/INSTALL +++ /dev/null @@ -1,14 +0,0 @@ -This Eric Young's blowfish implementation, taken from his SSLeay library -and made available as a separate library. - -The version number (0.7.2m) is the SSLeay version that this library was -taken from. - -To build, just unpack and type make. -If you are not using gcc, edit the Makefile. -If you are compiling for an x86 box, try the assembler (it needs improving). -There are also some compile time options that can improve performance, -these are documented in the Makefile. - -eric 15-Apr-1997 - diff --git a/crypto/bf/VERSION b/crypto/bf/VERSION deleted file mode 100644 index be995855e4..0000000000 --- a/crypto/bf/VERSION +++ /dev/null @@ -1,6 +0,0 @@ -The version numbers will follow my SSL implementation - -0.7.2r - Some reasonable default compiler options from - Peter Gutman - -0.7.2m - the first release diff --git a/crypto/bf/bfs.cpp b/crypto/bf/bfs.cpp deleted file mode 100644 index d74c457760..0000000000 --- a/crypto/bf/bfs.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - BF_KEY key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - BF_encrypt(&data[0],&key); - GetTSC(s1); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - GetTSC(e1); - GetTSC(s2); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - GetTSC(e2); - BF_encrypt(&data[0],&key); - } - - printf("blowfish %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/crypto/cast/casts.cpp b/crypto/cast/casts.cpp deleted file mode 100644 index 8d7bd468d2..0000000000 --- a/crypto/cast/casts.cpp +++ /dev/null @@ -1,70 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - CAST_KEY key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}; - - CAST_set_key(&key, 16,d); - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - CAST_encrypt(&data[0],&key); - GetTSC(s1); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - GetTSC(e1); - GetTSC(s2); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - GetTSC(e2); - CAST_encrypt(&data[0],&key); - } - - printf("cast %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/crypto/des/COPYRIGHT b/crypto/des/COPYRIGHT deleted file mode 100644 index 5469e1e469..0000000000 --- a/crypto/des/COPYRIGHT +++ /dev/null @@ -1,50 +0,0 @@ -Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -All rights reserved. - -This package is an DES implementation written by Eric Young (eay@cryptsoft.com). -The implementation was written so as to conform with MIT's libdes. - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution. - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. -If this package is used in a product, Eric Young should be given attribution -as the author of that the SSL library. This can be in the form of a textual -message at program startup or in documentation (online or textual) provided -with the package. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Eric Young (eay@cryptsoft.com) - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The license and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distrubution license -[including the GNU Public License.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme deleted file mode 100644 index 1beafe253b..0000000000 --- a/crypto/des/asm/readme +++ /dev/null @@ -1,131 +0,0 @@ -First up, let me say I don't like writing in assembler. It is not portable, -dependant on the particular CPU architecture release and is generally a pig -to debug and get right. Having said that, the x86 architecture is probably -the most important for speed due to number of boxes and since -it appears to be the worst architecture to to get -good C compilers for. So due to this, I have lowered myself to do -assembler for the inner DES routines in libdes :-). - -The file to implement in assembler is des_enc.c. Replace the following -4 functions -des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt); -des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt); -des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); -des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); - -They encrypt/decrypt the 64 bits held in 'data' using -the 'ks' key schedules. The only difference between the 4 functions is that -des_encrypt2() does not perform IP() or FP() on the data (this is an -optimization for when doing triple DES and des_encrypt3() and des_decrypt3() -perform triple des. The triple DES routines are in here because it does -make a big difference to have them located near the des_encrypt2 function -at link time.. - -Now as we all know, there are lots of different operating systems running on -x86 boxes, and unfortunately they normally try to make sure their assembler -formating is not the same as the other peoples. -The 4 main formats I know of are -Microsoft Windows 95/Windows NT -Elf Includes Linux and FreeBSD(?). -a.out The older Linux. -Solaris Same as Elf but different comments :-(. - -Now I was not overly keen to write 4 different copies of the same code, -so I wrote a few perl routines to output the correct assembler, given -a target assembler type. This code is ugly and is just a hack. -The libraries are x86unix.pl and x86ms.pl. -des586.pl, des686.pl and des-som[23].pl are the programs to actually -generate the assembler. - -So to generate elf assembler -perl des-som3.pl elf >dx86-elf.s -For Windows 95/NT -perl des-som2.pl win32 >win32.asm - -[ update 4 Jan 1996 ] -I have added another way to do things. -perl des-som3.pl cpp >dx86-cpp.s -generates a file that will be included by dx86unix.cpp when it is compiled. -To build for elf, a.out, solaris, bsdi etc, -cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o -cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o -cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o -cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o -This was done to cut down the number of files in the distribution. - -Now the ugly part. I acquired my copy of Intels -"Optimization's For Intel's 32-Bit Processors" and found a few interesting -things. First, the aim of the exersize is to 'extract' one byte at a time -from a word and do an array lookup. This involves getting the byte from -the 4 locations in the word and moving it to a new word and doing the lookup. -The most obvious way to do this is -xor eax, eax # clear word -movb al, cl # get low byte -xor edi DWORD PTR 0x100+des_SP[eax] # xor in word -movb al, ch # get next byte -xor edi DWORD PTR 0x300+des_SP[eax] # xor in word -shr ecx 16 -which seems ok. For the pentium, this system appears to be the best. -One has to do instruction interleaving to keep both functional units -operating, but it is basically very efficient. - -Now the crunch. When a full register is used after a partial write, eg. -mov al, cl -xor edi, DWORD PTR 0x100+des_SP[eax] -386 - 1 cycle stall -486 - 1 cycle stall -586 - 0 cycle stall -686 - at least 7 cycle stall (page 22 of the above mentioned document). - -So the technique that produces the best results on a pentium, according to -the documentation, will produce hideous results on a pentium pro. - -To get around this, des686.pl will generate code that is not as fast on -a pentium, should be very good on a pentium pro. -mov eax, ecx # copy word -shr ecx, 8 # line up next byte -and eax, 0fch # mask byte -xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup -mov eax, ecx # get word -shr ecx 8 # line up next byte -and eax, 0fch # mask byte -xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup - -Due to the execution units in the pentium, this actually works quite well. -For a pentium pro it should be very good. This is the type of output -Visual C++ generates. - -There is a third option. instead of using -mov al, ch -which is bad on the pentium pro, one may be able to use -movzx eax, ch -which may not incur the partial write penalty. On the pentium, -this instruction takes 4 cycles so is not worth using but on the -pentium pro it appears it may be worth while. I need access to one to -experiment :-). - -eric (20 Oct 1996) - -22 Nov 1996 - I have asked people to run the 2 different version on pentium -pros and it appears that the intel documentation is wrong. The -mov al,bh is still faster on a pentium pro, so just use the des586.pl -install des686.pl - -3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these -functions into des_enc.c because it does make a massive performance -difference on some boxes to have the functions code located close to -the des_encrypt2() function. - -9 Jan 1997 - des-som2.pl is now the correct perl script to use for -pentiums. It contains an inner loop from -Svend Olaf Mikkelsen which does raw ecb DES calls at -273,000 per second. He had a previous version at 250,000 and the best -I was able to get was 203,000. The content has not changed, this is all -due to instruction sequencing (and actual instructions choice) which is able -to keep both functional units of the pentium going. -We may have lost the ugly register usage restrictions when x86 went 32 bit -but for the pentium it has been replaced by evil instruction ordering tricks. - -13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf. -raw DES at 281,000 per second on a pentium 100. - diff --git a/crypto/dh/example b/crypto/dh/example deleted file mode 100644 index 16a33d2910..0000000000 --- a/crypto/dh/example +++ /dev/null @@ -1,50 +0,0 @@ -From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995 -Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562 - (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000 -Received: by minbne.mincom.oz.au id AA19958 - (5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000 -Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP); - Wed, 27 Sep 1995 19:13:05 +1000 -Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156; - Wed, 27 Sep 1995 04:48:46 -0400 -Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT -Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT -Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14]) - by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442 - for ; Mon, 25 Sep 1995 17:52:47 -0700 -Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) - id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700 -Date: Mon, 25 Sep 1995 17:50:51 -0700 -From: Phil Karn -Message-Id: <199509260050.RAA14732@servo.qualcomm.com> -To: cypherpunks@toad.com, ipsec-dev@eit.com -Subject: Primality verification needed -Sender: owner-cypherpunks@toad.com -Precedence: bulk -Status: RO -X-Status: - -Hi. I've generated a 2047-bit "strong" prime number that I would like to -use with Diffie-Hellman key exchange. I assert that not only is this number -'p' prime, but so is (p-1)/2. - -I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version -1.3.2 to test this number. This function uses the Miller-Rabin primality test. -However, to increase my confidence that this number really is a strong prime, -I'd like to ask others to confirm it with other tests. Here's the number in hex: - -72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e -fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a -a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65 -fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2 -3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0 -ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3 -56a05180c3bec7ddd5ef6fe76b1f717b - -The generator, g, for this prime is 2. - -Thanks! - -Phil Karn - - diff --git a/crypto/dh/generate b/crypto/dh/generate deleted file mode 100644 index 5d407231df..0000000000 --- a/crypto/dh/generate +++ /dev/null @@ -1,65 +0,0 @@ -From: stewarts@ix.netcom.com (Bill Stewart) -Newsgroups: sci.crypt -Subject: Re: Diffie-Hellman key exchange -Date: Wed, 11 Oct 1995 23:08:28 GMT -Organization: Freelance Information Architect -Lines: 32 -Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com> -References: <458rhn$76m$1@mhadf.production.compuserve.com> -NNTP-Posting-Host: ix-pl4-16.ix.netcom.com -X-NETCOM-Date: Wed Oct 11 4:09:22 PM PDT 1995 -X-Newsreader: Forte Free Agent 1.0.82 - -Kent Briggs <72124.3234@CompuServe.COM> wrote: - ->I have a copy of the 1976 IEEE article describing the ->Diffie-Hellman public key exchange algorithm: y=a^x mod q. I'm ->looking for sources that give examples of secure a,q pairs and ->possible some source code that I could examine. - -q should be prime, and ideally should be a "strong prime", -which means it's of the form 2n+1 where n is also prime. -q also needs to be long enough to prevent the attacks LaMacchia and -Odlyzko described (some variant on a factoring attack which generates -a large pile of simultaneous equations and then solves them); -long enough is about the same size as factoring, so 512 bits may not -be secure enough for most applications. (The 192 bits used by -"secure NFS" was certainly not long enough.) - -a should be a generator for q, which means it needs to be -relatively prime to q-1. Usually a small prime like 2, 3 or 5 will -work. - -.... - -Date: Tue, 26 Sep 1995 13:52:36 MST -From: "Richard Schroeppel" -To: karn -Cc: ho@cs.arizona.edu -Subject: random large primes - -Since your prime is really random, proving it is hard. -My personal limit on rigorously proved primes is ~350 digits. -If you really want a proof, we should talk to Francois Morain, -or the Australian group. - -If you want 2 to be a generator (mod P), then you need it -to be a non-square. If (P-1)/2 is also prime, then -non-square == primitive-root for bases << P. - -In the case at hand, this means 2 is a generator iff P = 11 (mod 24). -If you want this, you should restrict your sieve accordingly. - -3 is a generator iff P = 5 (mod 12). - -5 is a generator iff P = 3 or 7 (mod 10). - -2 is perfectly usable as a base even if it's a non-generator, since -it still covers half the space of possible residues. And an -eavesdropper can always determine the low-bit of your exponent for -a generator anyway. - -Rich rcs@cs.arizona.edu - - - diff --git a/crypto/dsa/fips186a.txt b/crypto/dsa/fips186a.txt deleted file mode 100644 index 974f255070..0000000000 --- a/crypto/dsa/fips186a.txt +++ /dev/null @@ -1,122 +0,0 @@ -The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5 -examples. This is an updated version that uses SHA-1 (FIPS 180-1) -supplied to me by Wei Dai --- - APPENDIX 5. EXAMPLE OF THE DSA - - -This appendix is for informational purposes only and is not required to meet -the standard. - -Let L = 512 (size of p). The values in this example are expressed in -hexadecimal notation. The p and q given here were generated by the prime -generation standard described in appendix 2 using the 160-bit SEED: - - d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3 - -With this SEED, the algorithm found p and q when the counter was at 105. - -x was generated by the algorithm described in appendix 3, section 3.1, using -the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED: - -XSEED = - - bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6 - -t = - 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0 - -x = G(t,XSEED) mod q - -k was generated by the algorithm described in appendix 3, section 3.2, using -the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED: - -KSEED = - - 687a66d9 0648f993 867e121f 4ddf9ddb 01205584 - -t = - EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301 - -k = G(t,KSEED) mod q - -Finally: - -h = 2 - -p = - 8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7 - cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac - 49693dfb f83724c2 ec0736ee 31c80291 - - -q = - c773218c 737ec8ee 993b4f2d ed30f48e dace915f - - -g = - 626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb - 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c - c42e9f6f 464b088c c572af53 e6d78802 - - -x = - 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614 - - -k = - 358dad57 1462710f 50e254cf 1a376b2b deaadfbf - - -kinv = - - 0d516729 8202e49b 4116ac10 4fc3f415 ae52f917 - -M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A) - -SHA(M) = - - a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d - - -y = - - 19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 - 9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74 - 858fba33 f44c0669 9630a76b 030ee333 - - -r = - 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0 - -s = - 41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8 - - -w = - 9df4ece5 826be95f ed406d41 b43edc0b 1c18841b - - -u1 = - bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d - - -u2 = - 821a9263 12e97ade abcc8d08 2b527897 8a2df4b0 - - -gu1 mod p = - - 51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753 - 9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf - 6f96662a 1987a21b e4ec1071 010b6069 - - -yu2 mod p = - - 8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665 - 5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 - c19441f4 22bf3c34 08aeba1f 0a4dbec7 - -v = - 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0 diff --git a/crypto/dso/README b/crypto/dso/README deleted file mode 100644 index d0bc9a89fb..0000000000 --- a/crypto/dso/README +++ /dev/null @@ -1,22 +0,0 @@ -NOTES ------ - -I've checked out HPUX (well, version 11 at least) and shl_t is -a pointer type so it's safe to use in the way it has been in -dso_dl.c. On the other hand, HPUX11 support dlfcn too and -according to their man page, prefer developers to move to that. -I'll leave Richard's changes there as I guess dso_dl is needed -for HPUX10.20. - -There is now a callback scheme in place where filename conversion can -(a) be turned off altogether through the use of the - DSO_FLAG_NO_NAME_TRANSLATION flag, -(b) be handled by default using the default DSO_METHOD's converter -(c) overriden per-DSO by setting the override callback -(d) a mix of (b) and (c) - eg. implement an override callback that; - (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....) - and if so, convert "blah" into "blah32.dll" (the default is - otherwise to make it "blah.dll"). - (ii) default to the normal behaviour - we're not on win32, eg. - finish with (return dso->meth->dso_name_converter(dso,NULL)). - diff --git a/crypto/idea/version b/crypto/idea/version deleted file mode 100644 index 3f22293795..0000000000 --- a/crypto/idea/version +++ /dev/null @@ -1,12 +0,0 @@ -1.1 07/12/95 - eay - Many thanks to Rhys Weatherley - for pointing out that I was assuming little endian byte - order for all quantities what idea actually used - bigendian. No where in the spec does it mention - this, it is all in terms of 16 bit numbers and even the example - does not use byte streams for the input example :-(. - If you byte swap each pair of input, keys and iv, the functions - would produce the output as the old version :-(. - -1.0 ??/??/95 - eay - First version. diff --git a/crypto/md4/md4s.cpp b/crypto/md4/md4s.cpp deleted file mode 100644 index c0ec97fc9f..0000000000 --- a/crypto/md4/md4s.cpp +++ /dev/null @@ -1,78 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -extern "C" { -void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - MD4_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; - num*=64; - numm*=64; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - md4_block_x86(&ctx,buffer,numm); - GetTSC(s1); - md4_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - md4_block_x86(&ctx,buffer,num); - GetTSC(e2); - md4_block_x86(&ctx,buffer,num); - } - printf("md4 (%d bytes) %d %d (%.2f)\n",num, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/crypto/md5/md5s.cpp b/crypto/md5/md5s.cpp deleted file mode 100644 index dd343fd4e6..0000000000 --- a/crypto/md5/md5s.cpp +++ /dev/null @@ -1,78 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -extern "C" { -void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - MD5_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; - num*=64; - numm*=64; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - md5_block_x86(&ctx,buffer,numm); - GetTSC(s1); - md5_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - md5_block_x86(&ctx,buffer,num); - GetTSC(e2); - md5_block_x86(&ctx,buffer,num); - } - printf("md5 (%d bytes) %d %d (%.2f)\n",num, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/crypto/objects/objects.README b/crypto/objects/README similarity index 100% rename from crypto/objects/objects.README rename to crypto/objects/README diff --git a/crypto/pem/message b/crypto/pem/message deleted file mode 100644 index e8bf9d7592..0000000000 --- a/crypto/pem/message +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVACY-ENHANCED MESSAGE----- -Proc-Type: 4,ENCRYPTED -Proc-Type: 4,MIC-ONLY -Proc-Type: 4,MIC-CLEAR -Content-Domain: RFC822 -DEK-Info: DES-CBC,0123456789abcdef -Originator-Certificate - xxxx -Issuer-Certificate - xxxx -MIC-Info: RSA-MD5,RSA, - xxxx - - ------END PRIVACY-ENHANCED MESSAGE----- - diff --git a/crypto/pem/pkcs7.lis b/crypto/pem/pkcs7.lis deleted file mode 100644 index be90c5d87f..0000000000 --- a/crypto/pem/pkcs7.lis +++ /dev/null @@ -1,22 +0,0 @@ -21 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE - 00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData - 21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag - 21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE - 00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version - 20 20:d=0 hl=2 l= 0 cons: univ: SET - 21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE - 00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data - 00 35:d=0 hl=2 l= 0 prim: univ: EOC - 21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag - 20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE - 20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE - 00 1116:d=0 hl=2 l= 0 prim: univ: EOC - 21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag - 20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE - 20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE - 00 2066:d=0 hl=2 l= 0 prim: univ: EOC - 21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers - 00 2070:d=0 hl=2 l= 0 prim: univ: EOC - 00 2072:d=0 hl=2 l= 0 prim: univ: EOC - 00 2074:d=0 hl=2 l= 0 prim: univ: EOC -00 2076:d=0 hl=2 l= 0 prim: univ: EOC diff --git a/crypto/perlasm/readme b/crypto/perlasm/README similarity index 100% rename from crypto/perlasm/readme rename to crypto/perlasm/README diff --git a/crypto/rc2/rrc2.doc b/crypto/rc2/rrc2.doc deleted file mode 100644 index f93ee003d2..0000000000 --- a/crypto/rc2/rrc2.doc +++ /dev/null @@ -1,219 +0,0 @@ ->From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996 -Article 23601 of sci.crypt: -Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news ->From: pgut01@cs.auckland.ac.nz (Peter Gutmann) -Newsgroups: sci.crypt -Subject: Specification for Ron Rivests Cipher No.2 -Date: 11 Feb 1996 06:45:03 GMT -Organization: University of Auckland -Lines: 203 -Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann) -Message-ID: <4fk39f$f70@net.auckland.ac.nz> -NNTP-Posting-Host: cs26.cs.auckland.ac.nz -X-Newsreader: NN version 6.5.0 #3 (NOV) - - - - - Ron Rivest's Cipher No.2 - ------------------------ - -Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may -refer to it by other names) is word oriented, operating on a block of 64 bits -divided into four 16-bit words, with a key table of 64 words. All data units -are little-endian. This functional description of the algorithm is based in -the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using -the same general layout, terminology, and pseudocode style. - - -Notation and RRC.2 Primitive Operations - -RRC.2 uses the following primitive operations: - -1. Two's-complement addition of words, denoted by "+". The inverse operation, - subtraction, is denoted by "-". -2. Bitwise exclusive OR, denoted by "^". -3. Bitwise AND, denoted by "&". -4. Bitwise NOT, denoted by "~". -5. A left-rotation of words; the rotation of word x left by y is denoted - x <<< y. The inverse operation, right-rotation, is denoted x >>> y. - -These operations are directly and efficiently supported by most processors. - - -The RRC.2 Algorithm - -RRC.2 consists of three components, a *key expansion* algorithm, an -*encryption* algorithm, and a *decryption* algorithm. - - -Key Expansion - -The purpose of the key-expansion routine is to expand the user's key K to fill -the expanded key array S, so S resembles an array of random binary words -determined by the user's secret key K. - -Initialising the S-box - -RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of -Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern -cryptography by enough time that there should be no concerns about trapdoors -hidden in the data. They have been published widely, and the S-box can be -easily recreated from the one-time pad values and the Beale Cipher data taken -from a standard source. To initialise the S-box: - - for i = 0 to 255 do - sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ] - -The contents of Beale Cipher No.1 and the necessary one-time pad are given as -an appendix at the end of this document. For efficiency, implementors may wish -to skip the Beale Cipher expansion and store the sBox table directly. - -Expanding the Secret Key to 128 Bytes - -The secret key is first expanded to fill 128 bytes (64 words). The expansion -consists of taking the sum of the first and last bytes in the user key, looking -up the sum (modulo 256) in the S-box, and appending the result to the key. The -operation is repeated with the second byte and new last byte of the key until -all 128 bytes have been generated. Note that the following pseudocode treats -the S array as an array of 128 bytes rather than 64 words. - - for j = 0 to length-1 do - S[ j ] = K[ j ] - for j = length to 127 do - s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ]; - -At this point it is possible to perform a truncation of the effective key -length to ease the creation of espionage-enabled software products. However -since the author cannot conceive why anyone would want to do this, it will not -be considered further. - -The final phase of the key expansion involves replacing the first byte of S -with the entry selected from the S-box: - - S[ 0 ] = sBox[ S[ 0 ] ] - - -Encryption - -The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full -rounds perform an additional transformation on the data. Note that the -following pseudocode treats the S array as an array of 64 words rather than 128 -bytes. - - for i = 0 to 15 do - j = i * 4; - word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1 - word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2 - word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3 - word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5 - -In addition the fifth and eleventh rounds add the contents of the S-box indexed -by one of the data words to another of the data words following the four -subrounds as follows: - - word0 = word0 + S[ word3 & 63 ]; - word1 = word1 + S[ word0 & 63 ]; - word2 = word2 + S[ word1 & 63 ]; - word3 = word3 + S[ word2 & 63 ]; - - -Decryption - -The decryption operation is simply the inverse of the encryption operation. -Note that the following pseudocode treats the S array as an array of 64 words -rather than 128 bytes. - - for i = 15 downto 0 do - j = i * 4; - word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ] - word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ] - word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ] - word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ] - -In addition the fifth and eleventh rounds subtract the contents of the S-box -indexed by one of the data words from another one of the data words following -the four subrounds as follows: - - word3 = word3 - S[ word2 & 63 ] - word2 = word2 - S[ word1 & 63 ] - word1 = word1 - S[ word0 & 63 ] - word0 = word0 - S[ word3 & 63 ] - - -Test Vectors - -The following test vectors may be used to test the correctness of an RRC.2 -implementation: - - Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7 - - Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 - Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74 - - Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF - Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E - - Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31 - - -Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for - Creating the S-Box - -Beale Cipher No.1. - - 71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95, - 84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3, - 126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231, - 124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193, - 145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176, - 130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416, - 280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283, - 134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131, - 160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12, - 103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346, - 36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21, - 136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37, - 122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680, - 93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818, - 2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81, - 623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206 - -One-time Pad. - - 158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194, - 146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161, - 105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213, - 193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67, - 197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108, - 144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134, - 119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24, - 126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84, - 168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38, - 241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182, - 230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44, - 17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20, - 87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97, - 142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155, - 15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127, - 170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99 - - -Implementation - -A non-US based programmer who has never seen any encryption code before will -shortly be implementing RRC.2 based solely on this specification and not on -knowledge of any other encryption algorithms. Stand by. - - - diff --git a/crypto/rc2/version b/crypto/rc2/version deleted file mode 100644 index 9db89544d8..0000000000 --- a/crypto/rc2/version +++ /dev/null @@ -1,22 +0,0 @@ -1.1 23/08/96 - eay - Changed RC2_set_key() so it now takes another argument. Many - thanks to Peter Gutmann for the - clarification and original specification of RC2. BSAFE uses - this last parameter, 'bits'. It the key is 128 bits, BSAFE - also sets this parameter to 128. The old behaviour can be - duplicated by setting this parameter to 1024. - -1.0 08/04/96 - eay - First version of SSLeay with rc2. This has been written from the spec - posted sci.crypt. It is in this directory under rrc2.doc - I have no test values for any mode other than ecb, my wrappers for the - other modes should be ok since they are basically the same as - the ones taken from idea and des :-). I have implemented them as - little-endian operators. - While rc2 is included because it is used with SSL, I don't know how - far I trust it. It is about the same speed as IDEA and DES. - So if you are paranoid, used Tripple DES, else IDEA. If RC2 - does get used more, perhaps more people will look for weaknesses in - it. - - diff --git a/crypto/rc5/rc5s.cpp b/crypto/rc5/rc5s.cpp deleted file mode 100644 index 1c5518bc80..0000000000 --- a/crypto/rc5/rc5s.cpp +++ /dev/null @@ -1,70 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - RC5_32_KEY key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}; - - RC5_32_set_key(&key, 16,d,12); - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - RC5_32_encrypt(&data[0],&key); - GetTSC(s1); - RC5_32_encrypt(&data[0],&key); - RC5_32_encrypt(&data[0],&key); - RC5_32_encrypt(&data[0],&key); - GetTSC(e1); - GetTSC(s2); - RC5_32_encrypt(&data[0],&key); - RC5_32_encrypt(&data[0],&key); - RC5_32_encrypt(&data[0],&key); - RC5_32_encrypt(&data[0],&key); - GetTSC(e2); - RC5_32_encrypt(&data[0],&key); - } - - printf("cast %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/crypto/sha/asm/README b/crypto/sha/asm/README deleted file mode 100644 index b7e755765f..0000000000 --- a/crypto/sha/asm/README +++ /dev/null @@ -1 +0,0 @@ -C2.pl works diff --git a/engines/capierr.bat b/engines/capierr.bat deleted file mode 100644 index 274ffac2fe..0000000000 --- a/engines/capierr.bat +++ /dev/null @@ -1 +0,0 @@ -perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c diff --git a/test/test_aesni b/test/test_aesni deleted file mode 100755 index 3929c7574b..0000000000 --- a/test/test_aesni +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/sh - -PROG=$1 - -if [ -x $PROG ]; then - if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then - : - else - echo "$PROG is not OpenSSL executable" - exit 1 - fi -else - echo "$PROG is not executable" - exit 1; -fi - -if [ 1 ]; then - - HASH=`cat $PROG | $PROG dgst -hex` - - AES_ALGS=" aes-128-ctr aes-128-ecb aes-128-cbc aes-128-cfb aes-128-ofb \ - aes-192-ctr aes-192-ecb aes-192-cbc aes-192-cfb aes-192-ofb \ - aes-256-ctr aes-256-ecb aes-256-cbc aes-256-cfb aes-256-ofb" - BUFSIZE="16 32 48 64 80 96 128 144 999" - - nerr=0 - - for alg in $AES_ALGS; do - echo $alg - for bufsize in $BUFSIZE; do - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \ - env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg/$bufsize encrypt test failed" - nerr=`expr $nerr + 1` - fi - done - for bufsize in $BUFSIZE; do - TEST=`( cat $PROG | \ - env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg/$bufsize decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg en/decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - - if [ $nerr -gt 0 ]; then - echo "AESNI engine test failed." - exit 1; - fi -else - echo "AESNI engine is not available" -fi - -exit 0 diff --git a/test/test_padlock b/test/test_padlock deleted file mode 100755 index 5c0f21043c..0000000000 --- a/test/test_padlock +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/sh - -PROG=$1 - -if [ -x $PROG ]; then - if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then - : - else - echo "$PROG is not OpenSSL executable" - exit 1 - fi -else - echo "$PROG is not executable" - exit 1; -fi - -if $PROG engine padlock | grep -v no-ACE; then - - HASH=`cat $PROG | $PROG dgst -hex` - - ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ - aes-128-cbc aes-192-cbc aes-256-cbc \ - aes-128-cfb aes-192-cfb aes-256-cfb \ - aes-128-ofb aes-192-ofb aes-256-ofb" - - nerr=0 - - for alg in $ACE_ALGS; do - echo $alg - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \ - $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg encrypt test failed" - nerr=`expr $nerr + 1` - fi - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg decrypt test failed" - nerr=`expr $nerr + 1` - fi - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -engine padlock | \ - $PROG enc -d -k "$HASH" -$alg -engine padlock | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg en/decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - - if [ $nerr -gt 0 ]; then - echo "PadLock ACE test failed." - exit 1; - fi -else - echo "PadLock ACE is not available" -fi - -exit 0 diff --git a/test/test_t4 b/test/test_t4 deleted file mode 100755 index 5cecb56394..0000000000 --- a/test/test_t4 +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/sh - -PROG=$1 - -if [ -x $PROG ]; then - if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then - : - else - echo "$PROG is not OpenSSL executable" - exit 1 - fi -else - echo "$PROG is not executable" - exit 1; -fi - -if [ 1 ]; then - - HASH=`cat $PROG | $PROG dgst -hex` - - AES_ALGS=" des-cbc des-ede-cbc des-ede3-cbc \ - camellia-128-cbc camellia-128-cfb \ - camellia-192-cbc camellia-192-cfb \ - camellia-256-cbc camellia-256-cfb \ - aes-128-ctr aes-128-cbc aes-128-cfb aes-128-ofb \ - aes-192-ctr aes-192-cbc aes-192-cfb aes-192-ofb \ - aes-256-ctr aes-256-cbc aes-256-cfb aes-256-ofb" - BUFSIZE="16 32 48 999" - - nerr=0 - - for alg in $AES_ALGS; do - echo $alg - for bufsize in $BUFSIZE; do - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \ - env OPENSSL_sparcv9cap=0 $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg/$bufsize encrypt test failed" - nerr=`expr $nerr + 1` - fi - done - for bufsize in $BUFSIZE; do - TEST=`( cat $PROG | \ - env OPENSSL_sparcv9cap=0 $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg/$bufsize decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg en/decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - - if [ $nerr -gt 0 ]; then - echo "SPARC T4 test failed." - exit 1 - fi -fi - -exit 0 diff --git a/test/times b/test/times deleted file mode 100644 index 6b66eb342e..0000000000 --- a/test/times +++ /dev/null @@ -1,113 +0,0 @@ - -More number for the questions about SSL overheads.... - -The following numbers were generated on a Pentium pro 200, running Linux. -They give an indication of the SSL protocol and encryption overheads. - -The program that generated them is an unreleased version of ssl/ssltest.c -which is the SSLeay ssl protocol testing program. It is a single process that -talks both sides of the SSL protocol via a non-blocking memory buffer -interface. - -How do I read this? The protocol and cipher are reasonable obvious. -The next number is the number of connections being made. The next is the -number of bytes exchanged between the client and server side of the protocol. -This is the number of bytes that the client sends to the server, and then -the server sends back. Because this is all happening in one process, -the data is being encrypted, decrypted, encrypted and then decrypted again. -It is a round trip of that many bytes. Because the one process performs -both the client and server sides of the protocol and it sends this many bytes -each direction, multiply this number by 4 to generate the number -of bytes encrypted/decrypted/MACed. The first time value is how many seconds -elapsed doing a full SSL handshake, the second is the cost of one -full handshake and the rest being session-id reuse. - -SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s -SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s -SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s -SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA -SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s -SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s -SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s - -SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s -SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s -SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA -SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s -SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s -SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s - -SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s -SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s -SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s -SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA -SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s -SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s -SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s - -SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s -SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s -SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s -SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA -SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s -SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s -SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s - -What does this all mean? Well for a server, with no session-id reuse, with -a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, -a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of -about 49 connections a second. Reality will be quite different :-). - -Remember the first number is 1000 full ssl handshakes, the second is -1 full and 999 with session-id reuse. The RSA overheads for each exchange -would be one public and one private operation, but the protocol/MAC/cipher -cost would be quite similar in both the client and server. - -eric (adding numbers to speculation) - ---- Appendix --- -- The time measured is user time but these number a very rough. -- Remember this is the cost of both client and server sides of the protocol. -- The TCP/kernel overhead of connection establishment is normally the - killer in SSL. Often delays in the TCP protocol will make session-id - reuse look slower that new sessions, but this would not be the case on - a loaded server. -- The TCP round trip latencies, while slowing individual connections, - would have minimal impact on throughput. -- Instead of sending one 102400 byte buffer, one 8k buffer is sent until -- the required number of bytes are processed. -- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers. -- A 512bit server key was being used except where noted. -- No server key verification was being performed on the client side of the - protocol. This would slow things down very little. -- The library being used is SSLeay 0.8.x. -- The normal measuring system was commands of the form - time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse - This modified version of ssltest should be in the next public release of - SSLeay. - -The general cipher performance number for this platform are - -SSLeay 0.8.2a 04-Sep-1997 -built on Fri Sep 5 17:37:05 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 131.02k 368.41k 500.57k 549.21k 566.09k -mdc2 535.60k 589.10k 595.88k 595.97k 594.54k -md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k -sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k -sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k -rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k -des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k -des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k -idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k -rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k -blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k - sign verify -rsa 512 bits 0.0100s 0.0011s -rsa 1024 bits 0.0451s 0.0012s -rsa 2048 bits 0.2605s 0.0086s -rsa 4096 bits 1.6883s 0.0302s - diff --git a/tools/c_hash b/tools/c_hash deleted file mode 100644 index 5e0a908175..0000000000 --- a/tools/c_hash +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# print out the hash values -# - -for i in $* -do - h=`openssl x509 -hash -noout -in $i` - echo "$h.0 => $i" -done diff --git a/tools/c_info b/tools/c_info deleted file mode 100644 index 0e1e633b6f..0000000000 --- a/tools/c_info +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -# -# print the subject -# - -for i in $* -do - n=`openssl x509 -subject -issuer -enddate -noout -in $i` - echo "$i" - echo "$n" - echo "--------" -done diff --git a/tools/c_issuer b/tools/c_issuer deleted file mode 100644 index 55821ab740..0000000000 --- a/tools/c_issuer +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# -# print out the issuer -# - -for i in $* -do - n=`openssl x509 -issuer -noout -in $i` - echo "$i $n" -done diff --git a/tools/c_name b/tools/c_name deleted file mode 100644 index 28800c0b30..0000000000 --- a/tools/c_name +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# -# print the subject -# - -for i in $* -do - n=`openssl x509 -subject -noout -in $i` - echo "$i $n" -done diff --git a/tools/primes.py b/tools/primes.py deleted file mode 100644 index 61de99f000..0000000000 --- a/tools/primes.py +++ /dev/null @@ -1,21 +0,0 @@ -primes = [2, 3, 5, 7, 11] -safe = False # Not sure if the period's right on safe primes. - -muliplier = 1 if not safe else 2 -for p in primes: - muliplier *= p - -offsets = [] -for x in range(3, muliplier + 3, 2): - prime = True - for p in primes: - if not x % p or (safe and not ((x - 1) / 2) % p): - prime = False - break - - if prime: - offsets.append(x) - -print(offsets) -print(len(offsets)) -print(muliplier) diff --git a/util/domd.in b/util/domd.in deleted file mode 100755 index 1569c35eba..0000000000 --- a/util/domd.in +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -## Wrapper to portably run makedepend or equivalent compiler built-in. -## Runs on Makefile.in, generates Makefile -## {- join("\n## ", @autowarntext) -} - -{- "MAKEDEPEND=" . quotify1($config{makedepprog}) -} - -case "${MAKEDEPEND}" in -cat) - ;; -makedepend) - ${MAKEDEPEND} $@ || exit 1 - ;; -*) - args="-Werror -MM" - while [ $# -gt 0 ]; do - if [ "$1" != '--' ] ; then - args="$args $1" - fi - shift - done - sed -e '/DO NOT DELETE THIS LINE/q' Makefile >Makefile.tmp - ${MAKEDEPEND} $args >>Makefile.tmp || exit 1 - mv Makefile.tmp Makefile - ;; -esac diff --git a/util/install.sh b/util/install.sh deleted file mode 100755 index e1d0c982df..0000000000 --- a/util/install.sh +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/sh -# -# install - install a program, script, or datafile -# This comes from X11R5; it is not part of GNU. -# -# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $ -# -# This script is compatible with the BSD install script, but was written -# from scratch. -# - - -# set DOITPROG to echo to test this script - -doit="${DOITPROG:-}" - - -# put in absolute paths if you don't have them in your path; or use env. vars. - -mvprog="${MVPROG:-mv}" -cpprog="${CPPROG:-cp}" -chmodprog="${CHMODPROG:-chmod}" -chownprog="${CHOWNPROG:-chown}" -chgrpprog="${CHGRPPROG:-chgrp}" -stripprog="${STRIPPROG:-strip}" -rmprog="${RMPROG:-rm}" - -instcmd="$mvprog" -chmodcmd="" -chowncmd="" -chgrpcmd="" -stripcmd="" -rmcmd="$rmprog -f" -src="" -dst="" - -while [ x"$1" != x ]; do - case $1 in - -c) instcmd="$cpprog" - shift - continue;; - - -m) chmodcmd="$chmodprog $2" - shift - shift - continue;; - - -o) chowncmd="$chownprog $2" - shift - shift - continue;; - - -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; - - -s) stripcmd="$stripprog" - shift - continue;; - - *) if [ x"$src" = x ] - then - src=$1 - else - dst=$1 - fi - shift - continue;; - esac -done - -if [ x"$src" = x ] -then - echo "install: no input file specified" - exit 1 -fi - -if [ x"$dst" = x ] -then - echo "install: no destination specified" - exit 1 -fi - - -# if destination is a directory, append the input filename; if your system -# does not like double slashes in filenames, you may need to add some logic - -if [ -d $dst ] -then - dst="$dst"/`basename $src` -fi - - -# get rid of the old one and mode the new one in - -$doit $rmcmd $dst -$doit $instcmd $src $dst - - -# and set any options; do chmod last to preserve setuid bits - -if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi -if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi -if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi -if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi - -exit 0 diff --git a/util/toutf8.sh b/util/toutf8.sh deleted file mode 100644 index 8a4254b3df..0000000000 --- a/util/toutf8.sh +++ /dev/null @@ -1,17 +0,0 @@ -#! /bin/sh -# -# Very simple script to detect and convert files that we want to re-encode to UTF8 - -git ls-tree -r --name-only HEAD | \ - while read F; do - charset=`file -bi "$F" | sed -e 's|.*charset=||'` - if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then - iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \ - ( cmp -s "$F" "$F.utf8" || \ - ( echo "$F" - mv "$F" "$F.iso-8859-1" - mv "$F.utf8" "$F" - ) - ) - fi - done