Re: [openssl-dev] frequency and size of heartbeat requests

2017-12-06 Thread Jitendra Lulla via openssl-dev
Thanks Hanno and Rich.


On Tue, 12/5/17, Hanno Böck <ha...@hboeck.de> wrote:

 Subject: Re: [openssl-dev] frequency and size of heartbeat requests
 To: openssl-dev@openssl.org
 Cc: "Jitendra Lulla" <lull...@yahoo.com>
 Date: Tuesday, December 5, 2017, 9:59 PM
 
 On Tue, 5 Dec 2017 19:14:41 + (UTC)
 Jitendra Lulla via openssl-dev <openssl-dev@openssl.org> wrote:
 
 > Could the solution be a restricted count of HB requests along with a
 > timer?
 
 No, the solution is to disable TLS heartbeats.
 I actually wanted to bring this up when I recently noticed that OpenSSL
 still enables the heartbeat extension by default in every clienthello
 it sends.
 
 In the whole Heartbleed aftermath nobody was ever able to tell me where
 TLS Heartbeats are used. It's a feature in order to have a feature.
 
 
 -- 
 Hanno Böck
 https://hboeck.de/
 
 mail/jabber: ha...@hboeck.de
 GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] frequency and size of heartbeat requests

2017-12-05 Thread Jitendra Lulla via openssl-dev
Hi,

With an "intentionally corrupted" tls1_heartbeat() in OpenSSL 1.0.2l, heartbeat
requests with big payloads such as 16300 or slightly more can be
repeatedly sent to the server.

The server religiously responds back with such big payloads after spending its
CPU on encrypting/HMAC computing on the payload in the heartbeat response
messages.

I confirmed the above with s_server/s_client.

The RFC doesn't say anything about this possible exploit/DoS attack.
The RFC also allows such big payloads.

While such payloads might be meeting some requirement (PMTU computation?),
the frequency of such big messages (continuous repeats) must certainly be
controlled.

I see that this extn is disabled in openssl-master but I could see that some
servers (e.g. yahoo) do respond to heartbeat requests, which means that they are
running some SSL implementation (probably OpenSSL) which is vulnerable to
continuous repeated big HB requests.


Is the problem mentioned above a problem indeed, or am I missing something?

Could the solution be a restricted count of HB requests along with a timer? 

Thanks
Jitendra 
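
The count-plus-timer idea asked about above, as an added sketch that is not part of the original post and is not OpenSSL code. The struct, the function names and all three limits are assumptions chosen for illustration; the reply earlier on this page recommends disabling heartbeats instead.

```c
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Illustrative per-connection limits (assumptions, not RFC or OpenSSL values). */
#define HB_WINDOW_SECS  10              /* timer: length of one accounting window */
#define HB_MAX_REQUESTS 4u              /* count: requests answered per window    */
#define HB_MAX_BYTES    ((size_t)32768) /* payload bytes echoed back per window   */

typedef struct {
    time_t   window_start;  /* when the current window opened */
    unsigned requests;      /* requests answered in this window */
    size_t   bytes;         /* payload bytes answered in this window */
} hb_limiter;

void hb_limiter_init(hb_limiter *l, time_t now)
{
    l->window_start = now;
    l->requests = 0;
    l->bytes = 0;
}

/* Returns 1 if the request may be answered, 0 if it should be dropped
 * before any encryption or MAC work is spent on a response. */
int hb_limiter_allow(hb_limiter *l, size_t payload_len, time_t now)
{
    /* Timer expired (or clock stepped backwards): open a fresh window. */
    if (now < l->window_start || now - l->window_start >= HB_WINDOW_SECS)
        hb_limiter_init(l, now);

    if (l->requests >= HB_MAX_REQUESTS)
        return 0;                               /* count budget spent */
    if (payload_len > HB_MAX_BYTES - l->bytes)
        return 0;                               /* byte budget spent  */

    l->requests++;
    l->bytes += payload_len;
    return 1;
}

/* Constructed traffic: n requests of payload_len bytes, one every
 * interval_secs seconds. Returns how many would be answered. */
unsigned hb_count_answered(size_t payload_len, unsigned n, unsigned interval_secs)
{
    hb_limiter l;
    unsigned i, answered = 0;

    hb_limiter_init(&l, 0);
    for (i = 0; i < n; i++)
        answered += (unsigned)hb_limiter_allow(&l, payload_len,
                                               (time_t)(i * interval_secs));
    return answered;
}

int main(void)
{
    /* 100 requests of 16300 bytes (the size from the post), one per second. */
    printf("answered: %u of 100\n", hb_count_answered(16300, 100, 1));
    return 0;
}
```

Tracking bytes as well as the request count matters here because the cost described in the post scales with payload size, so a pure request counter would still let a few maximum-size requests dominate the budget.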





Re: [openssl-dev] Known apps supporting tls max frag size extn

2017-12-04 Thread Jitendra Lulla via openssl-dev

Thanks Joey.

And I found the url for listing a server's tls extensions here:

http://possible.lv/tools/hb/?domain=yahoo.com

Do you know how we can enable/test the extensions using Firefox or any other
browser?


On Mon, 12/4/17, Joey Yandle  wrote:

 Subject: Re: [openssl-dev] Known apps supporting tls max frag size extn
 To: "Jitendra Lulla" , openssl-dev@openssl.org
 Date: Monday, December 4, 2017, 5:13 AM
 
 > Also, I have lost the url of a website which used to analyze any given server ( eg www.yahoo.com) for its supporting various tls extensions. You provide the server url and it will display all the tls extns supported by that server.  If you know of any such url, could you please help me with that also.
 >
 
 openssl s_client has an argument -tlsextdebug:
 
 $ openssl s_client -connect www.yahoo.com:443 -tlsextdebug
 CONNECTED(0003)
 TLS server extension "renegotiation info" (id=65281), len=1
 0001 - 
 TLS server extension "EC point formats" (id=11), len=4
  - 03 00 01 02
 TLS server extension "session ticket" (id=35), len=0
 TLS server extension "heartbeat" (id=15), len=1
 
 


[openssl-dev] Known apps supporting tls max frag size extn

2017-12-03 Thread Jitendra Lulla via openssl-dev
Hi,

Could anybody please help me in finding known standard apps (e.g. browsers and
servers) which support the TLS extension for maximum fragment size negotiation?


Also, I have lost the URL of a website which used to analyze any given server
(e.g. www.yahoo.com) for its support of various TLS extensions. You provide the
server URL and it will display all the TLS extns supported by that server. If
you know of any such URL, could you please help me with that also.

Thanks
Jitendra


Re: [openssl-dev] afalg with OpenSSL 1.1.0f 25 May 2017

2017-08-16 Thread Jitendra Lulla via openssl-dev
Hi Matt,

Thanks, I could find that the /usr/include/linux/version.h has
#define LINUX_VERSION_CODE 199168 for my booted kernel 4.9.37, which is why I
also see the following warnings:

gcc  -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS 
-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" 
-DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 
-DL_ENDIAN  -Wa,--noexecstack -fPIC -DOPENSSL_USE_NODELETE -MMD -MF 
engines/afalg/e_afalg.d.tmp -MT engines/afalg/e_afalg.o -c -o 
engines/afalg/e_afalg.o engines/afalg/e_afalg.c
engines/afalg/e_afalg.c:30:4: warning: #warning "AFALG ENGINE requires Kernel 
Headers >= 4.1.0" [-Wcpp]
 #  warning "AFALG ENGINE requires Kernel Headers >= 4.1.0"
^
engines/afalg/e_afalg.c:31:4: warning: #warning "Skipping Compilation of AFALG 
engine" [-Wcpp]
 #  warning "Skipping Compilation of AFALG engine"


I will fix this problem now by having proper setup. Will update if I face any 
more issues.

Thanks
Jitendra





On Wed, 8/16/17, Jitendra Lulla  wrote:

 Subject: Re: afalg with OpenSSL 1.1.0f 25 May 2017
 To: "openssl-dev@openssl.org" , "Matt Caswell" 
 Cc: "Jitendra Lulla" 
 Date: Wednesday, August 16, 2017, 6:30 AM
 
 Hi Matt,
 
 
 I have linux 4.9.37 on RHEL7.3.
 [root@localhost jlulla]# uname -a
 Linux localhost.localdomain 4.9.37 #1 SMP Fri Jul 21 04:52:46 PDT 2017 x86_64 x86_64 x86_64 GNU/Linux
 
 
 [root@localhost test]# OPENSSL_ENGINES=../engines/afalg ../util/shlib_wrap.sh ./afalgtest
 AFALG not supported - skipping AFALG tests
 PASS
 [root@localhost test]#
 
 
 I am getting here:
 # if LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)
 /*
  * If we get here then it looks like there is a mismatch between the linux
  * headers and the actual kernel version, so we have tried to compile with
  * afalg support, but then skipped it in e_afalg.c. As far as this test is
  * concerned we behave as if we had been configured without support
  */
 #  define OPENSSL_NO_AFALGENG
 # endif
 
 
 Following is the value for KERNEL_VERSION for me:
 
 [root@localhost jlulla]# ./kernelversion (program at the bottom of this mail)
 KERNEL_VERSION: 262400
 LINUX_VERSION_CODE 199168
 condition:1
 
 
 Where should I look to fix it?
 
 Thanks
 Jitendra
 
 
 [root@localhost jlulla]# cat kernelversion.c
 #define LINUX_VERSION_CODE 199168
 #define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
 #define RHEL_MAJOR 7
 #define RHEL_MINOR 3
 #define RHEL_RELEASE_VERSION(a,b) (((a) << 8) + (b))
 #define RHEL_RELEASE_CODE 1795
 #define RHEL_RELEASE "514"
 
 # define K_MAJ   4
 # define K_MIN1  1
 # define K_MIN2  0
 #include <stdio.h>
 
 int main()
 {
     printf("KERNEL_VERSION: %d\n", KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2));
     printf("LINUX_VERSION_CODE %d\n", LINUX_VERSION_CODE);
     printf("condition:%d\n",
            (LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)));
     return 0;
 }
 
 
 
 
 On Mon, 8/14/17, Matt Caswell wrote:
 
  Subject: Re: afalg with OpenSSL 1.1.0f 25 May 2017
  To: "openssl-dev@openssl.org"
  Cc: "Jitendra Lulla" 
  Date: Monday, August 14, 2017, 3:44 PM
  
  Comments inserted.
  
  On 14/08/17 08:20, Jitendra Lulla wrote:
  > Hi,
  >
  > I am trying to use afalg on Linux 4.9.37 with OpenSSL 1.1.0f.
  >
  > I am facing 2 issues:
  >
  > ONE: when I issue the speed command, I see the following:
  >
  > [root@localhost apps]# ./openssl speed -evp aes-128-cbc -engine afalg
  > invalid engine "afalg"
  > 139853452924736:error:2506406A:DSO support routines:dlfcn_bind_func:could not bind to the requested symbol name:crypto/dso/dso_dlfcn.c:178:symname(bind_engine): /usr/local/lib64/engines-1.1/afalg.so: undefined symbol: bind_engine
  > 139853452924736:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the requested symbol name:crypto/dso/dso_lib.c:185:
  > 139853452924736:error:260B6068:engine routines:dynamic_load:DSO failure:crypto/engine/eng_dyn.c:427:
  > 139853452924736:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=afalg
  > 139853452924736:error:25066067:DS
  >
  >
  > nm afalg.so doesn't show bind_engine
  >
  Assuming you have already successfully built OpenSSL using "make", from the "test" subdir of the directory where you downloaded the source, what happens if you execute:
  
  OPENSSL_ENGINES=../engines/afalg ../util/shlib_wrap.sh 
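
An added example (not from the thread and not OpenSSL code) that unpacks the LINUX_VERSION_CODE value reported above, applies the same comparison as the quoted guard, and checks the headers against the running kernel's release string. The function names and the `KVER` macro name are assumptions; the constants 199168, 4.9.37 and 4.1.0 are the ones in the messages.

```c
#include <stdio.h>

/* Same packing as the KERNEL_VERSION macro in the post. */
#define KVER(a, b, c) (((a) << 16) + ((b) << 8) + (c))

typedef struct { int major, minor, patch; } kver;

/* Unpack a LINUX_VERSION_CODE value into its three fields. */
kver kver_decode(long code)
{
    kver v;
    v.major = (int)(code >> 16);
    v.minor = (int)((code >> 8) & 0xff);
    v.patch = (int)(code & 0xff);
    return v;
}

/* Pack the leading "a.b.c" of a release string such as the output of
 * `uname -r`; any suffix like "-514.el7.x86_64" is ignored.
 * Returns -1 if the string does not start with three numbers. */
long kver_from_release(const char *release)
{
    int a, b, c;
    if (sscanf(release, "%d.%d.%d", &a, &b, &c) != 3)
        return -1;
    if (a < 0 || b < 0 || b > 255 || c < 0)
        return -1;
    if (c > 255)
        c = 255;            /* keep the field inside its 8 bits */
    return KVER((long)a, b, c);
}

/* The comparison from the guard quoted in the post: true means the
 * AFALG engine and its test are compiled out. */
int afalg_skipped(long headers_code)
{
    return headers_code <= KVER(4, 1, 0);
}

/* True when the headers used for the build describe a different kernel
 * than the one that is running. */
int headers_mismatch(long headers_code, const char *running_release)
{
    long running = kver_from_release(running_release);
    return running < 0 || running != headers_code;
}

int main(void)
{
    long headers = 199168;            /* LINUX_VERSION_CODE from the post */
    const char *running = "4.9.37";   /* uname -r from the post */
    kver h = kver_decode(headers);
    printf("headers %d.%d.%d, running %s\n", h.major, h.minor, h.patch, running);
    printf("mismatch=%d afalg_skipped=%d\n",
           headers_mismatch(headers, running), afalg_skipped(headers));
    return 0;
}
```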

Re: [openssl-dev] afalg with OpenSSL 1.1.0f 25 May 2017

2017-08-16 Thread Jitendra Lulla via openssl-dev
Hi Matt,


I have linux 4.9.37 on RHEL7.3.
[root@localhost jlulla]# uname -a
Linux localhost.localdomain 4.9.37 #1 SMP Fri Jul 21 04:52:46 PDT 2017 x86_64 
x86_64 x86_64 GNU/Linux


[root@localhost test]# OPENSSL_ENGINES=../engines/afalg ../util/shlib_wrap.sh 
./afalgtest
AFALG not supported - skipping AFALG tests
PASS
[root@localhost test]#


I am getting here:
# if LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)
/*
 * If we get here then it looks like there is a mismatch between the linux
 * headers and the actual kernel version, so we have tried to compile with
 * afalg support, but then skipped it in e_afalg.c. As far as this test is
 * concerned we behave as if we had been configured without support
 */
#  define OPENSSL_NO_AFALGENG 
# endif


Following is the value for KERNEL_VERSION for me:

[root@localhost jlulla]# ./kernelversion (program at the bottom of this mail)
KERNEL_VERSION: 262400
LINUX_VERSION_CODE 199168
condition:1


Where should I look to fix it?

Thanks
Jitendra


[root@localhost jlulla]# cat kernelversion.c
#define LINUX_VERSION_CODE 199168
#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
#define RHEL_MAJOR 7
#define RHEL_MINOR 3
#define RHEL_RELEASE_VERSION(a,b) (((a) << 8) + (b))
#define RHEL_RELEASE_CODE 1795
#define RHEL_RELEASE "514"

# define K_MAJ   4
# define K_MIN1  1
# define K_MIN2  0
#include <stdio.h>

int main()
{
    printf("KERNEL_VERSION: %d\n", KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2));
    printf("LINUX_VERSION_CODE %d\n", LINUX_VERSION_CODE);
    /* 1 when the guard quoted above would define OPENSSL_NO_AFALGENG */
    printf("condition:%d\n",
           (LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)));
    return 0;
}




On Mon, 8/14/17, Matt Caswell  wrote:

 Subject: Re: afalg with OpenSSL 1.1.0f 25 May 2017
 To: "openssl-dev@openssl.org" 
 Cc: "Jitendra Lulla" 
 Date: Monday, August 14, 2017, 3:44 PM
 
 Comments inserted.
 
 On 14/08/17 08:20, Jitendra Lulla wrote:
 > Hi,
 >
 > I am trying to use afalg on Linux 4.9.37 with OpenSSL 1.1.0f.
 >
 > I am facing 2 issues:
 >
 > ONE: when I issue the speed command, I see the following:
 >
 > [root@localhost apps]# ./openssl speed -evp aes-128-cbc -engine afalg
 > invalid engine "afalg"
 > 139853452924736:error:2506406A:DSO support routines:dlfcn_bind_func:could not bind to the requested symbol name:crypto/dso/dso_dlfcn.c:178:symname(bind_engine): /usr/local/lib64/engines-1.1/afalg.so: undefined symbol: bind_engine
 > 139853452924736:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the requested symbol name:crypto/dso/dso_lib.c:185:
 > 139853452924736:error:260B6068:engine routines:dynamic_load:DSO failure:crypto/engine/eng_dyn.c:427:
 > 139853452924736:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=afalg
 > 139853452924736:error:25066067:DS
 >
 >
 > nm afalg.so doesn't show bind_engine
 >
 Assuming you have already successfully built OpenSSL using "make", from
 the "test" subdir of the directory where you downloaded the source, what
 happens if you execute:
 
 OPENSSL_ENGINES=../engines/afalg ../util/shlib_wrap.sh ./afalgtest
 
 Another thing to try is (from the top level source dir)
 
 touch engines/afalg/e_afalg.c
 make
 
 Check to see if there are any warnings generated during the compilation of
 the engine.
 
 >
 > When I modify the openssl.cnf file with the engine name and the CIPHERS, still I don't get it working. The command output and the change in the openssl.cnf pasted at the end of the mail.
 >
 >
 > TWO: I had to create a softlink to libcrypto.so.1.1 and libssl.so.1.1 like the following to make openssl command work:
 > ln -s /usr/local/lib64/libssl.so.1.1 /lib64/libssl.so.1.1
 > ln -s /usr/local/lib64/libcrypto.so.1.1 /lib64/libcrypto.so.1.1
 >
 > Is creating the softlinks a known issue and will be fixed?
 No, this will not be fixed and may not be the most appropriate thing to
 do on all systems.
 
 
 Matt
 
 
 >
 > I have pasted the complete information about the OS/distro environment and installation commands I ran at the bottom.
 > Could you please suggest what I am doing wrong to make afalg work.
 >
 > Thanks
 > Jitendra Lulla
 >
 >
 >
 >
 > BEFORE INSTALLATION:
 >
 > [root@localhost jlulla]# rpm -qa  |grep openssl
 > openssl-1.0.1e-60.el7.x86_64
 > openssl-devel-1.0.1e-60.el7.x86_64
 > openssl-libs-1.0.1e-60.el7.x86_64
 >
 > [root@localhost jlulla]# openssl version
 > OpenSSL 1.0.1e-fips 11 Feb 2013
 >
 >
 >
 > PLEASE SEE FROM HERE PLEASE SEE FROM HERE PLEASE SEE FROM HERE
 >
 > STEP 1 : SOURCE TAKEN FROM https://www.openssl.org/source/openssl-1.1.0f.tar.gz 2017-May-25 13:09:51
 >
 > [root@localhost jlulla]# uname -a
 > Linux localhost.localdomain 4.9.37 #1 SMP Fri Jul 21 04:52:46 PDT 2017 x86_64 x86_64 x86_64 GNU/Linux
 >
 > [root@localhost jlulla]# 

[openssl-dev] afalg with OpenSSL 1.1.0f 25 May 2017

2017-08-14 Thread Jitendra Lulla via openssl-dev
Hi,

I am trying to use afalg on Linux 4.9.37 with OpenSSL 1.1.0f.

I am facing 2 issues:

ONE: when I issue the speed command, I see the following:

[root@localhost apps]# ./openssl speed -evp aes-128-cbc -engine afalg
invalid engine "afalg"
139853452924736:error:2506406A:DSO support routines:dlfcn_bind_func:could not 
bind to the requested symbol 
name:crypto/dso/dso_dlfcn.c:178:symname(bind_engine): 
/usr/local/lib64/engines-1.1/afalg.so: undefined symbol: bind_engine
139853452924736:error:2506C06A:DSO support routines:DSO_bind_func:could not 
bind to the requested symbol name:crypto/dso/dso_lib.c:185:
139853452924736:error:260B6068:engine routines:dynamic_load:DSO 
failure:crypto/engine/eng_dyn.c:427:
139853452924736:error:2606A074:engine routines:ENGINE_by_id:no such 
engine:crypto/engine/eng_list.c:339:id=afalg
139853452924736:error:25066067:DS


nm afalg.so doesn't show bind_engine


When I modify the openssl.cnf file with the engine name and the CIPHERS, still
I don't get it working. The command output and the change in the openssl.cnf
pasted at the end of the mail.


TWO: I had to create a softlink to libcrypto.so.1.1 and libssl.so.1.1 like the 
following to make openssl command work:
ln -s /usr/local/lib64/libssl.so.1.1 /lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /lib64/libcrypto.so.1.1

Is creating the softlinks a known issue and will be fixed? 

I have pasted the complete information about the OS/distro environment and 
installation commands I ran at the bottom.
Could you please suggest what I am doing wrong to make afalg work.

Thanks
Jitendra Lulla




BEFORE INSTALLATION:

[root@localhost jlulla]# rpm -qa  |grep openssl
openssl-1.0.1e-60.el7.x86_64
openssl-devel-1.0.1e-60.el7.x86_64
openssl-libs-1.0.1e-60.el7.x86_64

[root@localhost jlulla]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013



PLEASE SEE FROM HERE PLEASE SEE FROM HERE PLEASE SEE FROM 
HERE

STEP 1 : SOURCE TAKEN FROM https://www.openssl.org/source/openssl-1.1.0f.tar.gz 
2017-May-25 13:09:51

[root@localhost jlulla]# uname -a
Linux localhost.localdomain 4.9.37 #1 SMP Fri Jul 21 04:52:46 PDT 2017 x86_64 
x86_64 x86_64 GNU/Linux

[root@localhost jlulla]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.3 (Maipo)



[root@localhost openssl-1.1.0f]# pwd
/home/jlulla/openssl-1.1.0f

STEP 2: [root@localhost openssl-1.1.0f]# ./config shared enable-engine 
enable-dso enable-afalgeng
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring OpenSSL version 1.1.0f (0x1010006fL)
no-asan[default]  OPENSSL_NO_ASAN
no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG
no-crypto-mdebug-backtrace [default]  OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128
no-egd  [default]  OPENSSL_NO_EGD
no-fuzz-afl[default]  OPENSSL_NO_FUZZ_AFL
no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER
no-heartbeats  [default]  OPENSSL_NO_HEARTBEATS
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-msan[default]  OPENSSL_NO_MSAN
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-sctp[default]  OPENSSL_NO_SCTP
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE
no-ssl3[default]  OPENSSL_NO_SSL3
no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD
no-ubsan[default]  OPENSSL_NO_UBSAN
no-unit-test[default]  OPENSSL_NO_UNIT_TEST
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS
no-zlib[default]
no-zlib-dynamic [default]
Configuring for linux-x86_64
CC=gcc
CFLAG=-Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack
SHARED_CFLAG  =-fPIC -DOPENSSL_USE_NODELETE
DEFINES  =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS 
OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT 
OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM RC4_ASM 
MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM ECP_NISTZ256_ASM PADLOCK_ASM 
POLY1305_ASM
LFLAG=
PLIB_LFLAG=
EX_LIBS  =-ldl
APPS_OBJ  =
CPUID_OBJ=x86_64cpuid.o
UPLINK_OBJ=
BN_ASM=asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o 
rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
DES_ENC  =des_enc.o fcrypt_b.o
AES_ENC  =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o 
aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
BF_ENC=bf_enc.o
CAST_ENC  =c_enc.o
RC4_ENC  =rc4-x86_64.o rc4-md5-x86_64.o
RC5_ENC  =rc5_enc.o
MD5_OBJ_ASM  =md5-x86_64.o
SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o 
sha256-mb-x86_64.o
RMD160_OBJ_ASM=
CMLL_ENC  =cmll-x86_64.o cmll_misc.o
MODES_OBJ=ghash-x86_64.o aesni-gcm-x86_64.o
PADLOCK_OBJ  =e_padlock-x86_64.o
CHACHA_ENC=chacha-x86_64.o
POLY1305_OBJ  =poly1305-x86_64.o
BLAKE2_OBJ=